How to Allow or Prevent Users and Groups to Create a Pagefile in Windows 10
Paging is a memory management scheme by which a PC stores and retrieves data from secondary storage for use in main memory. In this scheme, the operating system retrieves data from secondary storage in same-size blocks called pages. Paging is an important part of virtual memory implementations in modern operating systems, using secondary storage to let programs exceed the size of available physical memory.
For simplicity, main memory is called "RAM" (abbreviated from "random-access memory") and secondary storage is called "disk" (a shorthand for "hard disk drive"), but the concepts do not depend on whether these terms apply literally to a specific computer system.
Virtual memory is a memory management technique that is implemented using both hardware and software. It maps memory addresses used by a program, called virtual addresses, into physical addresses in computer memory. Main storage as seen by a process or task appears as a contiguous address space or collection of contiguous segments. Windows manages virtual address spaces and the assignment of real memory to virtual memory. Address translation hardware in the CPU, often referred to as a memory management unit or MMU, automatically translates virtual addresses to physical addresses. Software within Windows may extend these capabilities to provide a virtual address space that can exceed the capacity of real memory and thus reference more memory than is physically present in the computer.
The primary benefits of virtual memory include freeing applications from having to manage a shared memory space, increased security due to memory isolation, and being able to conceptually use more memory than might be physically available, using the technique of paging.
Basically, a paging file is an area on the hard disk that Windows uses as if it were RAM when you run out of available RAM.
By default, only Administrators are allowed to create a pagefile.
See also: Create a pagefile - security policy setting (Windows 10) | Microsoft Docs
This tutorial will show you how to allow specific users and groups to create a pagefile in Windows 10, or prevent them from doing so.
You must be signed in as an administrator to change which users and groups are allowed to create a pagefile.
CONTENTS:
- Option One: Allow Users and Groups to Create a Pagefile in Local Security Policy
- Option Two: Prevent Users and Groups to Create a Pagefile in Local Security Policy
- Option Three: Allow or Prevent Users and Groups to Create a Pagefile in Command Prompt
OPTION ONE
Allow Users and Groups to Create a Pagefile in Local Security Policy
Local Security Policy is only available in the Windows 10 Pro, Enterprise, and Education editions.
All editions can use Option Three below.
1. Press the Win+R keys to open Run, type secpol.msc into Run, and click/tap on OK to open Local Security Policy.
2. Expand open Local Policies in the left pane of Local Security Policy, click/tap on User Rights Assignment, and double click/tap on the Create a pagefile policy in the right pane.
3. Click/tap on the Add User or Group button.
4. Click/tap on the Advanced button.
5. Click/tap on the Object Types button.
6. Check all the boxes for Object types, and click/tap on OK.
7. Click/tap on the Find Now button, select the name of the user or group (ex: "Users") you want to add, and click/tap on OK.
If you like, you can press and hold the Ctrl key to select more than one user and/or group.
8. Click/tap on OK.
9. Click/tap on OK.
10. When finished, you can close Local Security Policy if you like.
OPTION TWO
Prevent Users and Groups to Create a Pagefile in Local Security Policy
Local Security Policy is only available in the Windows 10 Pro, Enterprise, and Education editions.
All editions can use Option Three below.
1. Press the Win+R keys to open Run, type secpol.msc into Run, and click/tap on OK to open Local Security Policy.
2. Expand open Local Policies in the left pane of Local Security Policy, click/tap on User Rights Assignment, and double click/tap on the Create a pagefile policy in the right pane.
3. Select the user or group (ex: "Users") you want to remove, and click/tap on the Remove button.
If you like, you can press and hold the Ctrl key to select more than one user and/or group.
4. Click/tap on OK.
5. When finished, you can close Local Security Policy if you like.
OPTION THREE
Allow or Prevent Users and Groups to Create a Pagefile in Command Prompt
1. If you haven't already, you will need to do the following before continuing on to step 2 below.
A) Download the ntrights.exe file from the Windows Server 2003 Resource Kit Tools.
B) Save the ntrights.zip file to your desktop, and unblock it.
C) Open the ntrights.zip file, copy or move the ntrights.exe file into your C:\Windows\System32 folder, and click/tap on Continue to approve.
2. Open an elevated command prompt.
3. Type the command you want below into the elevated command prompt, and press Enter.
(Add user or group to allow)
ntrights +r SeCreatePagefilePrivilege -u "User or Group"
OR
(Remove user or group to prevent)
ntrights -r SeCreatePagefilePrivilege -u "User or Group"
Substitute User or Group in the command above with the actual name of the user or group (ex: "Users") you want to add or remove for this policy.
Do not remove LOCAL SERVICE since this is used by Windows.
For example: ntrights +r SeCreatePagefilePrivilege -u "Users"
4. When finished, you can close the elevated command prompt if you like.
That's it,
Shawn
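To confirm the result of any of the options above, the following added example (not part of the original tutorial) exports the local User Rights Assignment with the built-in secedit.exe and lists who currently holds SeCreatePagefilePrivilege, warning on anything other than the default Administrators group. The function name Get-UserRightHolders is hypothetical, and the script assumes an elevated PowerShell prompt.

```powershell
# Added example: list the accounts that hold a user right in local policy.
# Run from an elevated PowerShell prompt; secedit.exe ships with Windows.
function Get-UserRightHolders {   # hypothetical helper name
    param([string]$Right = 'SeCreatePagefilePrivilege')

    $cfg = Join-Path $env:TEMP ('user-rights-{0}.inf' -f [guid]::NewGuid())
    try {
        # Export only the User Rights Assignment area of the local policy.
        secedit.exe /export /areas USER_RIGHTS /cfg $cfg | Out-Null
        if ($LASTEXITCODE -ne 0) { throw "secedit export failed with exit code $LASTEXITCODE" }

        # The export holds one line per right: Name = *SID,*SID,AccountName
        $line = Get-Content -Path $cfg |
            Where-Object { $_ -match "^\s*$([regex]::Escape($Right))\s*=" } |
            Select-Object -First 1
        if (-not $line) { return }   # nobody holds the right

        foreach ($entry in ($line -split '=', 2)[1].Split(',')) {
            $entry = $entry.Trim()
            if (-not $entry) { continue }
            $sid = $null
            $name = $entry
            if ($entry.StartsWith('*')) {
                # Entries prefixed with * are SIDs; resolve them to account names.
                $sid = $entry.Substring(1)
                try {
                    $sidObj = [System.Security.Principal.SecurityIdentifier]::new($sid)
                    $name = $sidObj.Translate([System.Security.Principal.NTAccount]).Value
                } catch {
                    $name = '<unresolved SID>'
                }
            }
            [pscustomobject]@{ Right = $Right; Account = $name; Sid = $sid }
        }
    } finally {
        Remove-Item -Path $cfg -ErrorAction SilentlyContinue
    }
}

$holders = @(Get-UserRightHolders)
$holders | Format-Table -AutoSize

# The page gives Administrators as the default holder (well-known SID S-1-5-32-544).
$holders | Where-Object { $_.Sid -ne 'S-1-5-32-544' } | ForEach-Object {
    Write-Warning "Non-default holder of $($_.Right): $($_.Account)"
}
```

Running it before and after an ntrights or secpol.msc change shows exactly which entry was added or removed.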