RESET Forums (homeservershow.com)

Need advice on a couple of issues - clearing pagefile and sector re-alignment


dvn

Guys, I need an opinion on a couple things. Any experience with either issue would be helpful, but feel free to throw something out there if it makes sense to you. Thanks. - Rich

 

1. ClearPageFileAtShutdown

   a. Does anyone still do this on their personal PC/laptop?

   b. Can anyone tell me if their IT dept uses this setting as policy?

2. If I needed to re-align a System Reserved and OS partition sitting on a Bitlocker-encrypted SSD because the partitions were not 4k aligned, how should I do it?

Here's my current plan. Can you tell me if it makes sense, or if I'm missing anything?

 

1. Turn off Bitlocker *
2. Make an Acronis image of the drive – System Reserved + OS
3. Properly align the drive partitions on 4k boundaries
4. Restore the two partitions from the Acronis image to their respective, newly aligned partitions
5. Re-encrypt the drive with Bitlocker

 

*The reason BitLocker needs to be turned off is because it forces Acronis to make a sector-by-sector image of the entire drive. That would not allow the usual Acronis flexibility to restore partitions to smaller (slightly smaller in this case) partitions.  It’s possible that I could suspend Bitlocker, but in that case I would have to install Acronis on the machine. 
 
For this scenario, do you see a problem with turning Bitlocker off/on?
Is my thinking good here, or would you do it another way? If so, how?
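
The checks this plan depends on, as an added example that is not part of the original post: a read-only PowerShell script that reports the ClearPageFileAtShutdown value, each partition's 4 KiB alignment, and whether BitLocker is fully decrypted or only suspended. It assumes an elevated prompt on Windows 8 or later with the built-in Storage and BitLocker modules; it changes nothing on the system.

```powershell
# Added example: read-only pre-flight report, run from an elevated prompt.

# 1. Pagefile clearing policy. A missing value or 0 means the pagefile is
#    left intact at shutdown; 1 means it is overwritten during shutdown.
$mm = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management'
$clear = (Get-ItemProperty -Path $mm -Name ClearPageFileAtShutdown `
          -ErrorAction SilentlyContinue).ClearPageFileAtShutdown
"ClearPageFileAtShutdown = $([int]$clear)"

# 2. Partition alignment. A partition is 4k-aligned when its starting byte
#    offset on the disk is an exact multiple of 4096.
Get-Partition | Sort-Object DiskNumber, Offset | ForEach-Object {
    [pscustomobject]@{
        Disk      = $_.DiskNumber
        Partition = $_.PartitionNumber
        Letter    = $_.DriveLetter
        OffsetKiB = $_.Offset / 1KB
        Aligned4K = ($_.Offset % 4096) -eq 0
    }
} | Format-Table -AutoSize

# 3. BitLocker state. "Suspended" leaves the data encrypted on disk with the
#    key exposed in the clear; "decrypted" means the volume holds plaintext,
#    which is what a partition-level (not sector-by-sector) image needs.
Get-BitLockerVolume | ForEach-Object {
    $state = if ($_.VolumeStatus -eq 'FullyDecrypted') {
        'Decrypted (BitLocker off)'
    } elseif ($_.ProtectionStatus -eq 'Off') {
        'Encrypted, protection suspended'
    } else {
        'Encrypted, protection on'
    }
    [pscustomobject]@{
        Volume     = $_.MountPoint
        State      = $state
        PercentEnc = $_.EncryptionPercentage
        # Confirm a recovery password protector exists before re-encrypting.
        Protectors = ($_.KeyProtector.KeyProtectorType -join ', ')
    }
} | Format-Table -AutoSize
```

Running it before step 1 and again after step 5 shows whether the alignment changed and whether protection is back on with the expected key protectors.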


To be honest, I think I can assume that no one is clearing pagefiles on their personal machines. As far as corporate IT doing it, I'm going to assume that if it's done, it's only done by a fractional percentage not represented here.

 

As to the Bitlocker partition realignment, I believe my current plan is good. I'll do my usual due diligence and in this case, I'll create a sector-by-sector backup of the whole drive before making any modifications. Then proceed with the plan that involves suspending Bitlocker. Assuming I'm able to create a normal partition backup from the Acronis boot media, I'll continue with the rest of the steps. If I run into trouble after the realignment, I have the sector-by-sector image as my fail-safe. I think I'm good to go.


It's done! Bitlocker-enabled SSD on a TPM-enabled laptop is now 4k-aligned. 4k & 4k queued benches look better, particularly writes. Excess writes due to misalignment are no more. A good day!

  • Like 1

Regarding clearing the page file at shutdown, it is a mandatory security policy for military computers.


The military also destroys HDDs by shredding, turning into powder, or de-Gaussing so that even the system board on the HDD is rendered nonfunctional.

This has been interesting to investigate, the pagefile wipe issue. There are tools/ways to find strings in a pagefile. How useful a string would be depends on why you're analyzing the pagefile in the first place. A file less than 4k could be entirely recovered. Not sure what would be involved in reconstructing a larger file, especially if it wasn't stored in contiguous sectors. You'd have to know your headers, I guess. I might have to fire up a Linux distro and see how well some of the free methods work.

 

Still waiting to hear if any corps or schools are doing this.


I somewhat understand why they would want to clear the page file, but if the entire drive is encrypted via Bitlocker, truecrypt or others, wouldn't that protect any data inside the pagefile anyways?  Seems rather pointless to encrypt the entire hard drive except for one file - granted that file is basically just a bunch of RAM data.  Relying on the system to wipe it during shutdown would make the computer more vulnerable to attack by a power loss then as well, wouldn't it?

  • Like 1

Ha! I have visions of rogue agents cutting the power to a building just as the CEO goes to shut off his computer for the night, like an episode of 24.  :D

 

My pagefile question arises from a concern over performance and user experience. Since there is a security component involved, and since my perspective on pagefile clearing is one of a private individual and not an agency or organization charged with national security, or a business or hospital, I'm trying to better understand when the practice might be used. If you throw BitLocker encryption into the mix, what is the likelihood that pagefile clearing is being done as well? Just looking for experience here, someone who has worked in a setting other than those related to national security.

 

And I'll add to that. If pagefiles are being cleared, are they being reconfigured, say to a fixed size of 1 GB or similar? I suppose an average user might be fine. But someone playing with huge spreadsheets or doing some other intense data crunching might start having some crashes.

 

timekills mentioned the military's policy and that reminded me that there's more than schools or businesses to think about, though some businesses are certainly linked to national security. Again, I'm really just interested in settings other than those.


If not used for national or other security reasons (which is why I used it), I think it depends mostly on a person's desire for privacy.

 

Some people are pretty much open books, and are comfortable with that, while others have no interest in other people nosing into their lives. I'm mostly in the latter camp. I've seen what people can do when they are able to nose into the privacy of others, and I find it astounding how thoughtless, careless, and even cruel, malicious and evil people can be when they sense they have an advantage... just think Steubenville, and then realize Steubenville is an extremely mild example compared to others.
