Subject: Clearing the PageFile at shutdown on NT4
From: Aaron Holten (AHOLTESTATE.WY.US)
Date: Tue Nov 14 2000 - 10:46:38 CST


I'm curious as to what actually happens during this process. Is the pagefile simply deleted, then recreated upon reboot, or does NT "strip" the pagefile for sensitive data (anything related to password hashes, SAM, anything?) ...

The reason I'm curious about this is because I've noticed that with this option enabled, it takes a machine a good deal longer to shut down than with it disabled. What are the benefits of having this option enabled security-wise?

Some other observations: I've noticed that if a user powers the machine off before the "Restart" button appears, it tends to wreck the machine. I've had about 5 users on my network crash their machines by enabling this option, and then having them not shut down properly (user error I know, but still). I also noticed that, even on a Compaq ML570 700MHz Xeon w/ 1.5g of RAM, it takes approximately 15 minutes to shut down with this enabled.

I'm wondering what goes on during this process, what the benefits are, and what your comments, concerns, etc. are ...

Thanks ...