XP SP2: How to Turn Off the Data Execution Prevention feature (DEP)

Contributor Icon Contributed by MickeyMouse Date Icon August 12, 2004  
Tag Icon Tagged: Windows

No-execute and execute protection are all names for DEP. This process feature increases security, but may cause problems with certain programs.


Several OSs have no-execute or execute protection. Microsoft has added this as well in SP2 with data execution prevention (DEP). This precents code execution in memory regions already marked as storage. This is a powerful tool against buffer overrun exploits.

If a program is failing and you want to disable DEP to see if that is the cause. Here are the steps. (Just disable DEP for the program in question… don’t disable it for your whole system.)

    1. Click Start
    2. Select Control Panel
    3. Select System
    4. Click the Advanced tab
    5. In the Performance region select Settings
    6. Click the Data Execute tab in the dialog box that opens
    7. Select Turn on DEP for all programs and services except for those I select
    8. Click Add.
    9. The open dialog box will open. Browse and select your application.
    10. Click Open
    11. Click Apply
    12. Click Ok
    13. Reboot
Previous recipe | Next recipe |
 

Viewing 42 Comments

    • ^
    • v
    If you want to disable it global, edit boot.ini and change noexecute to execute.

    [boot loader]
    timeout=0
    default=multi(0)disk(0)rdisk(0)partition(1)WINDOWS
    [operating systems]
    multi(0)disk(0)rdisk(0)partition(1)WINDOWS="Microsoft Windows XP Professional" /fastdetect /noguiboot /execute=optin
    • ^
    • v
    dude when i tried that my comp but comp keeps restarting wont even boot.omg! what have i done? T___T
    help anyone?
    • ^
    • v
    you just added /noguiboot to your system boot command, congratz.
    • ^
    • v
    See this Microsoft article about the limitations of DEP:

    http://www.microsoft.com/technet/prodtechnol/wi...

    Not all of it works on all processors, for example.

    See this enigmatic sentence:

    "By default, software-enforced DEP only protects limited system binaries, regardless of the hardware-enforced DEP capabilities of the processor."

    What are "limited system binaries"?
    • ^
    • v
    These are some new/updated system files that come with SP2...so it just watches some MS files for errors *goodluck* ;)
    • ^
    • v
    To disable DEP by modifying the Boot.ini file, change the /noexecute policy level to alwaysoff.

    /NoExecute=AlwaysOff
    • ^
    • v
    <ul id="quote"><h6>webworm99 wrote:</h6>To disable DEP by modifying the Boot.ini file, change the /noexecute policy level to alwaysoff.

    /NoExecute=AlwaysOff</ul>

    My pc would crash randomly while playing UT or looping one of the 3dmarks before this. I was getting so frustrated, so I tried this on a whim and left 3dmark 03 on all night. What a joy when I was startled out of bed by the sound benchmarks at the end ;-) It ran for over 10 hrs and I'll be testing UT soon. Thanks webworm99!!!!

    Jod ;-)
    • ^
    • v
    I dragged 2 x JPGs from a CD to the "My Pictures" folder. I immediately got a DEP error which forced Explorer to close.
    (Perhaps foolishly) I got the JPGs into the folder by opening them and used "save as" to put them into "My Pictures".
    Now - whenever I try to open the "My Pictures" folder - DEP stops Windows Explorer and causes it to close. But note I can still access other folders without problem.
    I've now deleted both JPGs (I had to use 'Search' to get access to the files). I deleted them from the recycle bin too. But I still get the DEP when I try to access "My Pictures".
    What can I do to fix?
    I am reluctant to disable DEP on Windows Explorer. What are the dangers?

    Background: I recently installed SP2. The "My Pictures" folder is large (1430 files and 1 x sub folder). I used AVG to scan the folder before I deleted the offending JPGs (no eror reported). I am running XPs firewall as installed at SP2 upgrade time.

    I have an option to use restore and go back 3 days - but I'd prefer to avoid this if possible.

    Any help/suggestions would be appreciated.
    Thanks.
    John
    • ^
    • v
    See my post above & try disabling dep. Reboot.
    • ^
    • v
    Thanks webworm.

    I noticed your suggestion to disable dep. But as I said - I'm reluctant to do this (even for Explorer only) as I'd loose the benefits of dep.

    If someone could assure me that loosing dep is not a big loss I'd feel better about the idea. (Better still - explain where the problem is and what is the fix?).
    • ^
    • v
    <ul id="quote"><h6>Guest wrote:</h6>Thanks webworm.
    If someone could assure me that loosing dep is not a big loss I'd feel better about the idea. (Better still - explain where the problem is and what is the fix?).</ul>

    I could not assure that this is the problem. However, Since you have xp sp2. Here are something you could try. You can always go back.

    Update your graphics driver (From the manufacture website not windows update.)or roll-back to the original driver you had. If you go back to the original driver, when using windows update and if it detects the graphics cards needs updating. Just hide that update.

    Some virus protection programs can cause this as well.

    Right Click on my computer, Advanced tab, Performances setting , Data execution prevention tab. Turn on dep for all program and services except those I select.

    You might make a system restore point before trying any of these tips.
    • ^
    • v
    Spent two hours last night trying to work out why the hell my friends printer decided to stop working since he installed XP Pro on a new hard drive on a new PC (64bit Athlon).

    It was a HP5552 using the latest "basic" driver from hp.com, but it would not print from Windows, not even a test page. We could copy raw text to LPT1: using a command prompt just fine, but no printing from the GUI.

    After checking absolutely everything, I thought to check DEP to see if it was turned on - it was - his CPU supports DEP and it was fully on. Altered it to the basic setting, rebooted and voila - printer test pages suddenly started working again. 8O

    I'm seriously going off Windows. :(
    • ^
    • v
    If i try to write NoExecute=AlwaysOff in the boot.ini file, and tryes to save, it says that it cannot create file...
    • ^
    • v
    Hey, i dont know if im posting this in the right place, but i thought its worth a try anyway! Ive recently bought a new computer (i usually get a friend to build one for me.. but this time i found a package from evesham i coudln't resist).. but anyway.. as its been bought rather than built its come with a proper legal copy of XP. lol

    Im having trouble installing all my programs now (most of which are various design packages bought for around £1 in Malaysia.. i think you get what im saying here...).
    I keep getting "C:windowssystem32autoexec.nt. The system file is not suitable for running MS-DOS and microsoft windows applications. ChooseClose to terminate the application." (the ignore button does nothing)
    i know these programs all work perfectly as i have used them previously on both copies of XP and win2K.

    I dont know if its something im doing wrong... or theres a box somewhere i need to check, or if its something more indepth! Im not so good with this stuff haha
    if anyone has any suggestions id be really grateful cos ive got a super dooper computer i cant actually use at the moment!
    Thanks!
    • ^
    • v
    to write and save to the boot.ini file you first have to right-click, go to properties and uncheck read-only
    • ^
    • v
    Doesn't the Optin policy in DEP provide a list to include executables that should be protected?
    • ^
    • v
    im getting this error too :(
    • ^
    • v
    <ul id="quote"><h6>webworm99 wrote:</h6>To disable DEP by modifying the Boot.ini file, change the /noexecute policy level to alwaysoff.

    /NoExecute=AlwaysOff</ul>

    What's the difference between noexecute and alwaysoff ??
    • ^
    • v
    <ul id="quote"><h6>Anonymous wrote:</h6>Spent two hours last night trying to work out why the hell my friends printer decided to stop working since he installed XP Pro on a new hard drive on a new PC (64bit Athlon).

    It was a HP5552 using the latest "basic" driver from hp.com, but it would not print from Windows, not even a test page. We could copy raw text to LPT1: using a command prompt just fine, but no printing from the GUI.

    After checking absolutely everything, I thought to check DEP to see if it was turned on - it was - his CPU supports DEP and it was fully on. Altered it to the basic setting, rebooted and voila - printer test pages suddenly started working again. 8O

    I'm seriously going off Windows. :(</ul> I've recently run into a similar situation. DEP errors were hitting me left and right; mostly inside windows explorer. Changing the radio butten (inside system properties-DEP) allows you to exclude DEP for an app (in this case windows explorer), but prevents you from printing to an HP printer (in my case the psc 1210xi). Right now my choices are to either live with the DEPs in windows explorer, OR be able use my printer.

    Short of disabling DEP for everything, are there any other options? If not, how do I disable DEP?
    • ^
    • v
    If you can't disable DEP for the printer driver, the only other option is to disable it completely.

    Searching for your printer on google, I can't find anybody else having this sort of problem...

    Try to disable DEP completely as previously described in this thread, and see if that helps.
    • ^
    • v
    <ul id="quote"><h6>violatorxxx wrote:</h6>If you want to disable it global, edit boot.ini and change noexecute to execute.

    [boot loader]
    timeout=0
    default=multi(0)disk(0)rdisk(0)partition(1)WINDOWS
    [operating systems]
    multi(0)disk(0)rdisk(0)partition(1)WINDOWS="Microsoft Windows XP Professional" /fastdetect /noguiboot /execute=optin</ul>


    how to chane it
    will any one give a detail about that
    • ^
    • v
    1. Open Windows Explorer
    2. Tools > Folder Options > View
    3. Uncheck "Hide Protected operating system files (Recommended)" and "Hide extensions for knows file types"
    4. Click apply, and OK
    5. Go to c:
    6. Right click on boot.ini, select properties and ensure the "read-only" tab is unchecked and click OK
    7. Double-Click boot.ini
    8. Modify /noexecute= for example /noexecute=AlwaysOff to disasble completely
    9. File > Save As
    10. Filename: "boot.ini" (with the quotes) Save As Type:All Files Encoding: Ansi
    11. After Saving, close file.
    12. Right click on boot.ini, select properties and ensure the "read-only" tab is checked and click OK
    13. Reboot