top of page

Disable Windows Memory Dumps

 

By disabling Memory Dumps its no longer possible to recover the dump file and extract secure data that is held in memory in the clear.

<#
.Synopsis
Disables Windows Memory Dumps

.Description

Disabled Memory Dump to prevent extracting cleat text passwords using WinDbg 

0 = None
1 = Complete Memory Dump
2 = Kernel Memory Dump
3 = Small Memory Dump
7 = Automatic Memory Dump (Default)

.Version

#>

Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\CrashControl' -name CrashDumpEnabled -Value 0 -Force

bottom of page