Preventing the Accidental Capture of Sensitive Information in Windows 11

Apply these procedures on registers running NetSuite Point of Sale (NSPOS) to help prevent Windows 11 from temporarily retaining or reporting information that might be considered "sensitive" or "personally identifiable information (PII)."

The overall steps are:

1. Disable System Restore

This Windows 11 procedure stops Windows from creating restore files that may contain sensitive information.

To disable System Restore:

  1. Open File Explorer.

  2. Right-click This PC and select Properties.

  3. From the System menu, select Advanced System Settings.

  4. Open the System Protection tab.

    Tip:

    If you have more than one drive, select the drive that contains the NSPOS app and database.

  5. Click Configure.

  6. Select Disable system protection.

  7. Click Apply and OK to close the System Protection window.

  8. Click OK to close the System Properties window.

  9. Restart the computer.

2. Optionally Enable No paging file

By default, Windows 11 creates a "paging file" to hold information when the installed RAM (random access memory) hardware is full. The file is stored in the computer's virtual memory.

  • If you use an SSD (solid state drive) for disk storage, SSD manufacturers often document that you should disable the paging file feature.

  • If you use a traditional drive for disk storage, disabling the paging file feature is considered to be optional. If you do not want to disable the feature, go to 3. Next Steps – Is No paging file Enabled?.

The paging file feature is "disabled" by enabling No paging file.

Important:

Per SSD (solid state drive) hardware manufacturers, computers using an SSD should enable the No paging file setting to prevent Windows from holding information in virtual memory.

To enable No paging file:

  1. Open File Explorer.

  2. Right-click This PC and select Properties.

  3. From the System menu, select Advanced System Settings.

  4. Open the Advanced tab.

  5. Under Performance, click Settings.

  6. Open the Advanced tab.

  7. Under Virtual memory, click Change.

  8. Clear the Automatically manage paging file size for all drives box.

  9. Select No paging file and click OK.

3. Next Steps – Is No paging file Enabled?

The next Windows 11 procedures are based on whether you enabled "No paging file."

3A. Encrypt PageFile.sys

These steps cause Windows 11 to encrypt temporary data that might be held in PageFile.sys. The procedure requires your hard drive to have been formatted using NTFS.

Perform these steps only if you did not enable "No paging file."

Important:

Per SSD (solid state drive) hardware manufacturers, computers using an SSD should enable the No paging file setting to prevent Windows from holding information in virtual memory. See 2. Optionally Enable No paging file.

To encrypt PageFile.sys:

  1. Enter cmd in the Windows Start search field.

  2. Right-click Command Prompt and select Run as Administrator.

  3. Enter the following command to verify the current configuration:

    fsutil behavior query EncryptPagingFile

    The result is the current status for PageFile encryption:

    • EncryptPagingFile = 1 means that encryption is enabled

    • EncryptPagingFile = 0 means that encryption is disabled

  4. If EncryptPagingFile = 0, enter this command to enable encryption:

    fsutil behavior set EncryptPagingFile 1

    Tip:

    If you later need to disable PageFile.sys encryption, enter:

    fsutil behavior set EncryptPagingFile 0

  5. Enter exit to close the command prompt window.

3B. Clear PageFile.sys upon Shutdown

Windows 11 can automatically remove the contents of PageFile.sys when you shut down the computer. Enabling this setting causes shutdown to purge all temporary data held in PageFile.sys. Temporary data can include system and application passwords, cardholder data (PAN/Track), and other sensitive information.

Note that setting Windows to automatically clear PageFile.sys can increase the time needed to complete the shutdown process.

Perform these steps only if you did not enable "No paging file."

Important:

Per SSD (solid state drive) hardware manufacturers, computers using an SSD should enable the No paging file setting to prevent Windows from holding information in virtual memory. See 2. Optionally Enable No paging file.

To clear PageFile.sys upon shutdown:

  1. Enter regedit in the Windows Start search field.

  2. Right-click regedit.exe (Registry Editor) and select Run as Administrator.

  3. Go to HKLM > System > CurrentControlSet > Control > Session Manager > Memory Management.

  4. For ClearPageFileAtShutdown DWORD, change the value from 0 to 1.

    Note:

    If the value name, value type, and value do not exist, add the following:

    • Value Name: ClearPageFileAtShutdown

    • Value Type: REG_DWORD

    • Value: 1

  5. Click OK and close the Registry Editor.

3C. Disable System Management for PageFile.sys

This procedure disables Windows 11 management of PageFile.sys.

Perform these steps only if you did not enable "No paging file."

Important:

If you use an SSD (solid state drive) for storage, the option No paging file should be enabled. If so, you can skip this procedure.

To disable system management of PageFile.sys:

  1. Open File Explorer.

  2. Right-click This PC and select Properties.

  3. From the System menu, select Advanced System Settings.

  4. Open the Advanced tab.

  5. Under Performance, click Settings.

  6. Open the Advanced tab.

  7. Under Virtual Memory, click Change.

  8. Clear the box for Automatically manage page file size for all drives.

  9. Select Custom Size.

  10. Enter the following:

    • Initial Size: Size should equal the memory installed on the computer

    • Maximum Size: Size should equal twice the memory installed

  11. Click OK as needed to close the menus.

  12. Restart the computer.

4. Disable Windows Error Reporting

Windows Error Reporting collects information about any hardware or application issues it might encounter. By default, the reports are sent to Microsoft for analysis. Follow these steps to disable this reporting feature.

To disable Windows Error Reporting:

  1. Enter services in the Windows Start search field.

  2. Right-click Services and select Run as Administrator.

  3. Right-click Windows Error Reporting Service and select Properties.

  4. Set the Startup type to Disabled.

  5. Click OK as needed to close the Services windows.

  6. Restart the computer.

  7. Verify that Windows Error Reporting Service is disabled:

    1. Enter Control Panel in the Windows Start search field.

    2. Select Security and Maintenance.

    3. Select Maintenance.

    4. Report problems should be set to Off.
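
The paging-file settings from sections 2 through 3C and the service setting from section 4 can be read back in one pass from an elevated Windows PowerShell prompt. The following read-only audit is an added example, not part of the original NetSuite procedure; the function name, the output field names, and the rule that a register with a paging file needs 3A, 3B and 3C all applied are assumptions made for this example.

```powershell
# Added example: read-only audit of the settings described on this page.
# Get-RegisterPrivacyAudit and its output field names are hypothetical.
function Get-RegisterPrivacyAudit {
    $mmKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management'
    $cs    = Get-CimInstance -ClassName Win32_ComputerSystem
    $pf    = @(Get-CimInstance -ClassName Win32_PageFileSetting)

    # Section 2: "No paging file" means automatic management is off and
    # no paging file is configured on any drive.
    $noPagingFile = (-not $cs.AutomaticManagedPagefile) -and ($pf.Count -eq 0)

    # Section 3A: parse the output of the query command from the procedure.
    $encrypt   = $null
    $fsutilOut = (& fsutil.exe behavior query EncryptPagingFile) -join ' '
    if ($fsutilOut -match 'EncryptPagingFile\s*=\s*(\d)') { $encrypt = [int]$Matches[1] }

    # Section 3B: a missing value is treated here as 0 (assumption).
    $clear = (Get-ItemProperty -Path $mmKey -Name ClearPageFileAtShutdown `
              -ErrorAction SilentlyContinue).ClearPageFileAtShutdown
    if ($null -eq $clear) { $clear = 0 }

    # Section 4: WerSvc is the service name of Windows Error Reporting Service.
    $wer = Get-CimInstance -ClassName Win32_Service -Filter "Name='WerSvc'"

    [pscustomobject]@{
        NoPagingFile            = $noPagingFile
        AutoManagedPagefile     = $cs.AutomaticManagedPagefile
        # Section 3C: compare these sizes with the installed memory by eye.
        PagefileSettings        = ($pf | ForEach-Object {
            "$($_.Name) $($_.InitialSize)-$($_.MaximumSize) MB" }) -join '; '
        InstalledMemoryMB       = [math]::Round($cs.TotalPhysicalMemory / 1MB)
        EncryptPagingFile       = $encrypt
        ClearPageFileAtShutdown = $clear
        WerServiceStartMode     = $wer.StartMode
        # 3A-3C only matter while a paging file is still in use.
        PagingFileHardened      = $noPagingFile -or ($encrypt -eq 1 -and
            $clear -eq 1 -and -not $cs.AutomaticManagedPagefile)
        WerDisabled             = $wer.StartMode -eq 'Disabled'
    }
}

Get-RegisterPrivacyAudit | Format-List
```

A register passes when PagingFileHardened and WerDisabled are both True; InstalledMemoryMB reports the memory Windows can address, which may be slightly below the installed amount.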
