How To Enable or Disable DEP In Windows XP, Vista or windows 7?

By Techblissonline Staff Updated on 19th April 2014 Filed Under: Windows Tips

Earlier we covered DEP (Data Execution Prevention In Windows) and the modes of enforcing it namely, Hardware-enforced DEP and software-enforced DEP. This article will explain the steps to configure DEP.

Configuring DEP:

Hardware-enforced and software-enforced DEP are configured in the same manner. If the system-wide DEP policy is set to OptIn, the same Windows core binaries and programs will be protected by both hardware-enforced and software-enforced DEP. If the system cannot use hardware-enforced DEP, the Windows core binaries and programs will be protected only by software-enforced DEP.Similarly, if the system-wide DEP policy is set to OptOut, programs that have been exempted from DEP protection will be exempted from both hardware-enforced and software-enforced DEP.

DEP configuration for the system is controlled through switches in the Boot.ini file of Windows.The Boot.ini file settings are as follows:

/noexecute=policy_level

where policy_level is defined as AlwaysOn, AlwaysOff, OptIn, or OptOut.

Existing /noexecute settings in the Boot.ini file are not changed when Windows XP SP2 is installed. These settings are also not changed if a Windows operating system image is moved across computers with or without hardware-enforced DEP support.During installation of Windows XP SP2 or Windows vista, the OptIn policy level is enabled by default unless a different policy level is specified in an unattended installation. If the /noexecute=policy_level setting is not present in the Boot.ini file for a version of Windows that supports DEP, the behavior is the same as if the /noexecute=OptIn setting was included.

How to turn on/off DEP in Windows XP, windows Vista or Windows 7?

In windows XP,

  • Log in as administrator
  • Click the Startmenu, right-click on My Computer and Choose “Properties” from the context menu.
  • On the “System Properties” window, click the “Advanced” tab .
  • click settings button under Performance
  • click the “Data Execution Prevention” tab
  • choose either “Turn on DEP for all programs and services except those I select:” or “Turn on DEP for essential Windows programs and services only to select the OptIn policy”
  • If you choose “Turn on DEP for all programs and services except those I select:“, click Add to add the programs that you do not want to use the DEP feature.
  • Click OK twice
  • Restart the computer for the changes to take effect

In Windows 7 or Windows Vista,

  • Log in as administrator
  • Click the Start orb and right-click “Computer”
  • Choose “Properties” from the context menu.
  • Choose “Advanced system settings” from under “Tasks” in the left pane.
  • Approve the User Account Control query (You will have to be an administrator to do it).
  • Click the button “Settings” in the Performance section.
  • Click the tab “Data Execution Prevention”
  • choose either “Turn on DEP for all programs and services except those I select:” or “Turn on DEP for essential Windows programs and services only to select the OptIn policy”
  • If you choose “Turn on DEP for all programs and services except those I select:”, click Add to add the programs that you do not want to use the DEP feature.
  • Click OK twice
  • Restart the computer for the changes to take effect

Note that 64-bit versions of Windows automatically enforce DEP for all programs.

If you want to define policy_level as AlwaysOn or AlwaysOff, you must do it directly via Boot.ini file as detailed below:

  • Log in as administrator
  • Click Start, right-click My Computer, and then click Properties.
  • Click the Advanced tab, and then click Settings under the Startup and Recovery field.
  • In the System startup field, click Edit. The Boot.ini file opens in Notepad.
  • In Notepad, click Find on the Edit menu.
  • In the Find what box, type /noexecute, and then click Find Next.
  • In the Find dialog box, click Cancel.
  • Replace policy_level with AlwaysOn or AlwaysOff, as you may want. But make sure that you enter the text accurately. For eg., if you want to set it as AlwaysOn, Boot.ini file switch should read as /noexecute=AlwaysOn
  • click Save on the File menu in notepad to save the configuration
  • Restart the computer for the changes to take effect

In order to determine What DEP Policies are in effect, open a command prompt and enter the following command:

wmic OS Get DataExecutionPrevention_SupportPolicy

The command will return 0, 1, 2 or 3 which stands for AlwaysOff, AlwaysOn, OptIn or OptOut respectively. Note that 2 (OptIn) is the default configuration.

That is all about DEP configuration in windows!

View ratings
Rate this article

People who read this also viewed these helpful relevant videos

Loading...

Leave a Reply

Go to Top