Notice: This website is an unofficial Microsoft Knowledge Base (hereinafter KB) archive and is intended to provide a reliable access to deleted content from Microsoft KB. All KB articles are owned by Microsoft Corporation. Read full disclaimer for more details.

The "Understanding Data Execution Prevention" help topic incorrectly states the default setting for DEP in Windows Server 2003 Service Pack 1


View products that this article applies to.

Symptoms

The "Understanding Data Execution Prevention" help topic in Microsoft Windows Server 2003 with Service Pack 1 (SP1) contains the following incorrect entry:
By default, DEP is only turned on for essential Windows operating system programs and services. To help protect more programs with DEP, select Turn on DEP for all programs and services except those I select.
By default, in Windows Server 2003 SP1, DEP is turned on for all programs and services except those that the administrator selects. By default, the "Turn on DEP for all programs and services except those I select" OptOut policy is already selected.

↑ Back to the top


Status

Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.

↑ Back to the top


More information

If you are logged on as an administrator, you can manually configure DEP to switch between the OptIn and OptOut policies by using the Data Execution Prevention tab in System Properties.

To verify your settings, follow these steps:
  1. Click Start, click Run, type sysdm.cpl in the Open box, and then click OK.
  2. Click the Advanced tab, and then click Settings under Performance.
  3. Click the Data Execution Prevention tab, and then use one of the following procedures:
    • Click Turn on DEP for essential Windows programs and services only to select the OptIn policy.
    • Click Turn on DEP for all programs and services except those I select to select the OptOut policy, and then click Add to add the programs that you do not want to use the DEP feature.
  4. Click OK two times.

Notes

  • By default in Microsoft Windows XP, the Turn on DEP for essential Windows programs and services only OptIn policy is selected.
  • DEP configuration for the computer can also be configured by using switches in the Boot.ini file.
    • To select the OptOut policy, add the /noexecute=optout parameter to the boot entry. For example:
      multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows Server 2003" /fastdetect /noexecute=OptOut
    • To select the OptIn policy, add the /noexecute=optin parameter to the Boot.ini file. For example:
      multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows Server 2003" /fastdetect /noexecute=OptIn
  • To support DEP, Windows loads a Physical Address Extension (PAE) kernel, even though the /PAE parameter is not in included in the Boot.ini file.
  • If the /noexecute parameter is not found in the boot entry, Windows Server 2003 uses the OptIn policy for DEP.
For more information about the DEP feature and Windows Server 2003 with SP1, visit the following Microsoft Web site: For more information about the DEP feature in Windows XP, click the following article number to view the article in the Microsoft Knowledge Base:
875352 A detailed description of the Data Execution Prevention (DEP) feature in Windows XP Service Pack 2, Windows XP Tablet PC Edition 2005, and Windows Server 2003

↑ Back to the top


Keywords: KB899298, kbtshoot

↑ Back to the top

Article Info
Article ID : 899298
Revision : 6
Created on : 10/6/2006
Published on : 10/6/2006
Exists online : False
Views : 494