Although DEP (Data Executive Prevention) exist for a good reason but there might be time where you need to disable DEP for some good reasons as well (e.g. to perform troubleshooting).
Prior to Windows Vista, you can edit the “boot.ini” through the “Startup and Recovery” window by click on the “Edit” button to enable or disable DEP.
However, you can’t do the same thing for Vista and beyond.
For Windows Vista and beyond (e.g. Windows 7, Windows 2008), you will need to use the BCDEdit command to set the option in the Windows boot configuration data store (BCD).
You can set DEP to be AlwaysOn, AlwaysOff, OptIn and OptOut. The explanation for each option can be found at http://msdn.microsoft.com/en-us/library/ff542202.aspx.
To set the option for DEP, start the command prompt in Administrator/Elevated mode and use bcdedit to set the value of the nx datatype.
- bcdedit /set nx OptIn to set DEP to OptIn
- bcdedit /set nx OptOut to set DEP to OptOut
- bcdedit /set nx AlwaysOn to set DEP to AlwaysOn
- bcdedit /set nx AlwaysOff to set DEP to AlwaysOff
You will need to reboot the machine after running the command to have the setting take effect.
You can check the status of DEP by going to ‘System Properties”, click on “Advanced” tab and click on the “Settings…” button in the “Performance” group.
Click on the “Data Execution Prevention” tab.
If the “Turn on DEP for essential Windows programs and services only” radio button is selected, DEP is set to OptIn.
If the “Turn on DEP for all programs and services except those I select:” radio button is selected, DEP is set to OptOut.
If both the radio buttons are not selected and greyed out, DEP can either be AlwaysOn or AlwaysOff.
Another way to check the status is to run the bcdedit command without any parameter.
Hopefully I don’t need to play around with this setting too often.
No comments:
Post a Comment