
Tech Tip: Clear the page file/Customize HTTP error messages

Windows 2000 Professional: Clear the page file

Notebook computers pose many of the same security risks as desktop computers and servers, but they pose some unique risks as well. For example, it's much more likely for a notebook computer to be stolen than a desktop PC.

If a notebook is stolen, the thief can often easily gain access to the notebook's files, even without having user credentials for the system. Systems using a FAT file system are particularly at risk. You can minimize the risk to these systems by using NTFS and encryption for sensitive files.

The Windows page file, which Windows uses for virtual memory, is another potential source of sensitive data. Some applications store user credentials in memory as plain text, and those credentials can end up in the page file when memory is paged out to disk. As a result, they can be recovered from the page file on a stolen notebook.

If you need to ensure the highest possible security for your systems, whether notebook or desktop, consider configuring the systems to clear the page file at shutdown. Set the following registry value to 1 to cause Windows to clear the page file during shutdown:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\ClearPageFileAtShutdown

After changing this value, you must restart the computer for the change to take effect. Shutting down or restarting the computer a second time will clear the page file.

Note: Editing the registry is risky. Before making any registry edits, be sure to back up the registry so you can restore it if something goes wrong.
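To confirm the setting across several machines without touching each registry by hand, you can audit Regedit exports of the key. The following Python script is an added example, not part of the original tip; the function names and the sample export are constructed for illustration, and it assumes the key was exported to a .reg file.

```python
import re

# Key and value named in the tip above.
KEY = (r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control"
       r"\Session Manager\Memory Management")
VALUE = "ClearPageFileAtShutdown"

_SECTION = re.compile(r"^\[(-?)(.+)\]$")
_ENTRY = re.compile(r'^"((?:[^"\\]|\\.)*)"=(.*)$')


def decode_export(raw: bytes) -> str:
    """Version 5.00 exports are UTF-16LE with a BOM; REGEDIT4 exports are ANSI."""
    if raw.startswith(b"\xff\xfe"):
        return raw[2:].decode("utf-16-le")
    return raw.decode("cp1252")


def page_file_clearing(export_text: str) -> str:
    """Return 'enabled', 'disabled' or 'missing' for the exported setting."""
    state, in_key = "missing", False
    for line in export_text.splitlines():
        line = line.strip()
        section = _SECTION.match(line)
        if section:
            deleted, path = section.groups()
            in_key = path.lower() == KEY.lower()
            if in_key and deleted:          # "[-key]" removes the whole key
                state, in_key = "missing", False
            continue
        entry = _ENTRY.match(line) if in_key else None
        if not entry or entry.group(1).lower() != VALUE.lower():
            continue
        data = entry.group(2).strip().lower()
        if data.startswith("dword:"):
            state = "enabled" if int(data[6:], 16) == 1 else "disabled"
        else:                               # "=-" (delete) or a wrong value type
            state = "missing" if data == "-" else "disabled"
    return state


# Constructed sample export, not taken from a real machine.
SAMPLE = b"\xff\xfe" + (
    "Windows Registry Editor Version 5.00\r\n\r\n"
    "[" + KEY + "]\r\n"
    '"ClearPageFileAtShutdown"=dword:00000000\r\n'
    '"PagingFiles"=hex(7):43,00,3a,00\r\n'
).encode("utf-16-le")

if __name__ == "__main__":
    print(page_file_clearing(decode_export(SAMPLE)))
```

A result of "missing" or "disabled" means the page file is left intact at shutdown on that machine.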

Windows 2000 Server: Customize HTTP error messages

Whether your Web site serves a small intranet or a global public, errors are inevitable when users browse a site. IIS uses a set of basic error messages to provide information to users when an error occurs. You can edit these error messages to have IIS display a custom error message.

Using custom messages can help users overcome the error. For example, if a user requests a nonexistent page, provide a page that shows a site map, provides search capabilities, or redirects the user to the site's home page, rather than displaying a 404 error that indicates the file wasn't found.

To view IIS's list of error messages, open the Web site's properties: Open the IIS console, right-click the virtual server, and choose Properties. Click the Custom Errors tab to view the list of HTTP errors and the file or message that IIS displays when a specified error occurs.

The content you use for a custom help page depends on the error and the information you want to present to the user when the error occurs. You can customize the files included with IIS or create a custom file. You can specify a file on the server or a URL; just select the error code in the Custom Errors tab, click Edit, and enter the filename or URL.
