1. Commerce
  2. NetSuite Point of Sale (NSPOS)
  3. NSPOS Administrator Guide
  4. Appendix: Preventing the Accidental Capture of Sensitive Information in Windows
  5. Preventing the Accidental Capture of Sensitive Information in Windows 10

Preventing the Accidental Capture of Sensitive Information in Windows 10

Apply these procedures on registers running NetSuite Point of Sale (NSPOS) to help prevent Windows 10 from temporarily retaining or reporting information that might be considered "sensitive" or "personally identifiable information (PII)."

The overall steps are:

1. Disable System Restore

This Windows 10 procedure stops Windows from creating restore files that may contain sensitive information.

To disable System Restore in Windows 10:

  1. Open File Explorer.

  2. Right-click This PC and select Properties.

    Windows 10 This PC

  3. Select From the System menu, open the Advanced System Settings tab.

  4. Open the System Protection tab.

  5. If you have more than one drive, select the drive that contains the NSPOS app and database.

  6. Click Configure.

    Windows 10 System Protection

  7. Select Disable system protection.

    Wiindows 10 Disable System Protection

  8. Click Apply and OK to close the System Protection window.

  9. Click OK to close the System Properties window.

  10. Restart the computer.

2. Optionally Enable No paging file

By default, Windows 10 creates a "paging file" to hold information when the installed RAM (random access memory) hardware is full. The file is stored in the computer's virtual memory.

  • If you use an SSD (solid state drive) for disk storage, SSD manufacturers often document that you should disable the paging file feature.

  • If you use a traditional drive for disk storage, disabling the paging file feature is considered to be optional. If you do not want to disable the paging file feature, go to 3. Next Steps – Is No paging file Enabled?.

The paging file feature is "disabled" by enabling No paging file.

Important:

Per SSD (solid state drive) hardware manufacturers, computers using an SSD should enable the No paging file setting to prevent Windows from holding information in virtual memory.

To enable No paging file:

  1. Open File Explorer.

  2. Right-click This PC and select Properties.

    Windows 10 This PC

  3. From the System menu, select Advanced System Settings.

    Win 10 Advanced System Settings

  4. Open the Advanced tab.

  5. Under Performance, click Settings.

    Advanced Settings

  6. Open the Advanced tab.

  7. Under Virtual memory, click Change.

    Advanced tab change

  8. Clear the Automatically manage paging file size for all drives box.

  9. Select No paging file and click OK.

    No Paging File option

3. Next Steps – Is No paging file Enabled?

The next Windows 10 procedures are based on whether you enabled "No paging file."

3A. Encrypt PageFile.sys

These steps cause Windows 10 to encrypt temporary data that might be held in PageFile.sys. The procedure requires your hard drive to have been formatted using NTFS.

Perform these steps only if you did not enable "No paging file."

Important:

Per SSD (solid state drive) hardware manufacturers, computers using an SSD should enable the No paging file setting to prevent Windows from holding information in virtual memory. See 2. Optionally Enable No paging file.

To encrypt PageFile.sys"

  1. Enter cmd in the Windows Start search field.

  2. Right-click Command Prompt and select Run as Administrator.

  3. Enter the following command to verify the current configuration:

    fsutil behavior query EncryptPagingFile

    PageFile encryption status

    The result is the current status for PageFile encryption:

    • EncryptPagingFile = 1 means that encryption is enabled

    • EncryptPagingFile = 0 means that encryption is disabled

  4. If EncryptPagingFile = 0, enter this command to enable encryption:

    fsutil behavior query EncryptPagingFile 1

    Tip:

    If you later need to disable PageFile.sys encryption, enter:

    fsutil behavior query EncryptPagingFile 0

  5. Enter exit to close the command prompt window.

3B. Clear PageFile.sys upon Shutdown

Windows 10 can automatically remove the contents of PageFile.sys when you shutdown the computer. Enabling this setting will cause shutdown to purge all temporary data held in PageFile.sys. Temporary data can include system and application passwords, cardholder data (PAN/Track), and other sensitive information.

Note that setting Windows to automatically clear PageFile.sys can increase the time needed to complete the shutdown process.

Perform these steps only if you did not enable "No paging file."

Important:

Per SSD (solid state drive) hardware manufacturers, computers using an SSD should enable the No paging file setting to prevent Windows from holding information in virtual memory. See 2. Optionally Enable No paging file.

To enable clear PageFile.sys upon shutdown:

  1. Enter regedit in the Windows Start search field.

  2. Right-click regedit.exe (Registry Editor) and select Run as Administrator.

  3. Go to HKLM > System > CurrentControlSet > Control > Session Manager > Memory Management.

    Windows 10 Regedit

  4. For ClearPageFileAtShutdown DWORD, change the value from 0 to 1.

    Note:

    If the value name, value type, and value do not exist, add the following:

    • Value Name: ClearPageFileAtShutdown

    • Value Type: REG_DWORD

    • Value: 1

  5. Click OK and close the Registry Editor.

3C. Disable System Management for PageFile.sys

This procedure disables Windows 10 management of PageFile.sys.

Perform these steps only if you did not enable "No paging file."

Important:

If you use an SSD (solid state drive) for storage, the option No paging file should be enabled. If so, you can skip this procedure.

To disable system management of PageFile.sys:

  1. Open File Explorer.

  2. Right-click This PC and select Properties.

    This PC properties

  3. From the System menu, select Advanced System Settings.

    Win 10 Advanced System Settings

  4. Open the Advanced tab.

  5. Under Performance, click Settings.

    Advanced tab settings

  6. Open the Advanced tab.

  7. Under Virtual Memory, click Change.

    Advanced tab change

  8. Clear the box for Automatically manage page file size for all drives.

    Virtual memory size

  9. Select Custom Size.

  10. Enter the following:

    • Initial Size: Size should equal the memory installed on the computer

    • Maximum Size: Size should equal to twice the memory installed

  11. Click OK as needed to close the menus.

  12. Restart the computer.

4. Disable Windows Error Reporting

Windows Error Reporting collects information about any hardware or application issues it might encounter. By default, the reports are sent to Microsoft for analysis. Follow these steps to disable this reporting feature.

To disable Windows Error Reporting:

  1. Using your keyboard, press and hold the Windows key and enter the letter I.

  2. Select Control Panel.

  3. Open the Action Center.

  4. Select Change Action Center Settings.

    Action center

  5. Select Problem reporting settings.

    Problem Reporting settings

  6. Choose Never check for solutions.

    Never check for solutions

  7. Click OK as needed to close the Action Center.

Related Topics

TBD

General Notices