Microsoft KB Archive/278256

= Registry Keys Used to Tune EFS Caching =

Article ID: 278256

Article Last Modified on 1/15/2006

-

APPLIES TO


 * Microsoft Windows XP Professional

-



This article was previously published under Q278256





SUMMARY
In Microsoft Windows 2000, there are no options to adjust the cache-validation time for either the user or for Kernel mode Encrypting File System (EFS) caches. However, for faster performance, Microsoft Windows XP provides the flexibility to adjust the cache-validation time for both the Kernel and User mode components of EFS. This article provides and describes registry keys that you can use to tune EFS caching.



MORE INFORMATION
You can use the following registry values to tune EFS caching:   Key: HKLM\System\CurrentControlSet\Services\NTFS\EFS\Parameters Value name:   EFSKCACHEPERIOD Value type:   REG_DWORD Default value: 5 Minimum value: 2 Maximum value: 30 Description:  The number of seconds the kernel will cache the session key for a user for a given file. The Kernel will not validate the user credentials during this cache period. This has the net effect of faster access to encrypted files that may be opened several times during a given time period.

Cached session keys are stored in nonpaged pool memory. Increasing the value of EFSKCACHEPERIOD will result in higher usage of nonpaged pool memory. This increased nonpaged pool usage might cause problems for some machines, especially machines that are trusted for delegation for remote encryption.

Key: HKLM\Software\Microsoft\Windows NT\CurrentVersion\EFS Value name:   KeyCacheValidationPeriod Value type:   REG_DWORD Default value: 3600 (1 hour) Minimum value: 60 Maximum value: 86400 (1 day) Description:  The number of seconds that the user-mode component of                  EFS will cache a user's certificate chain. Adjusting the user mode cache validation time upwards will improve the performance of systems that use EFS operations frequently.

When EFS operations are in use, processing time is needed for the system to obtain and validate the certificates and keys. This will significantly slow system performance if the user mode cache validation time is set too low.

The higher the user mode cache validation setting, the less often the system validates; the lower the setting, the more often the system validates. If EFS security is a priority in your system, then you will want appropriate EFS credentials to be validated more frequently. For maximum security, the lowest setting will provide the most frequent validation.

Additional query words: encryption encrypting file system regedit non-paged

Keywords: kbcertservices kbefs kbenv kbinfo KB278256

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.