The "Understanding Data Execution Prevention" help topic incorrectly states the default setting for DEP in Windows Server 2003 Service Pack 1

Article translations Article translations
Article ID: 899298 - View products that this article applies to.
Expand all | Collapse all

On This Page

SYMPTOMS

The "Understanding Data Execution Prevention" help topic in Microsoft Windows Server 2003 with Service Pack 1 (SP1) contains the following incorrect entry:
By default, DEP is only turned on for essential Windows operating system programs and services. To help protect more programs with DEP, select Turn on DEP for all programs and services except those I select.
By default, in Windows Server 2003 SP1, DEP is turned on for all programs and services except those that the administrator selects. By default, the "Turn on DEP for all programs and services except those I select" OptOut policy is already selected.

STATUS

Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.

MORE INFORMATION

If you are logged on as an administrator, you can manually configure DEP to switch between the OptIn and OptOut policies by using the Data Execution Prevention tab in System Properties.

To verify your settings, follow these steps:
  1. Click Start, click Run, type sysdm.cpl in the Open box, and then click OK.
  2. Click the Advanced tab, and then click Settings under Performance.
  3. Click the Data Execution Prevention tab, and then use one of the following procedures:
    • Click Turn on DEP for essential Windows programs and services only to select the OptIn policy.
    • Click Turn on DEP for all programs and services except those I select to select the OptOut policy, and then click Add to add the programs that you do not want to use the DEP feature.
  4. Click OK two times.

Notes

  • By default in Microsoft Windows XP, the Turn on DEP for essential Windows programs and services only OptIn policy is selected.
  • DEP configuration for the computer can also be configured by using switches in the Boot.ini file.
    • To select the OptOut policy, add the /noexecute=optout parameter to the boot entry. For example:
      multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows Server 2003" /fastdetect /noexecute=OptOut
    • To select the OptIn policy, add the /noexecute=optin parameter to the Boot.ini file. For example:
      multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows Server 2003" /fastdetect /noexecute=OptIn
  • To support DEP, Windows loads a Physical Address Extension (PAE) kernel, even though the /PAE parameter is not in included in the Boot.ini file.
  • If the /noexecute parameter is not found in the boot entry, Windows Server 2003 uses the OptIn policy for DEP.
For more information about the DEP feature and Windows Server 2003 with SP1, visit the following Microsoft Web site:
http://technet.microsoft.com/en-us/library/cc738483.aspx
For more information about the DEP feature in Windows XP, click the following article number to view the article in the Microsoft Knowledge Base:
875352 A detailed description of the Data Execution Prevention (DEP) feature in Windows XP Service Pack 2, Windows XP Tablet PC Edition 2005, and Windows Server 2003

Properties

Article ID: 899298 - Last Review: October 6, 2006 - Revision: 2.4
APPLIES TO
  • Microsoft Windows Server 2003 Service Pack 1, when used with:
    • Microsoft Windows Server 2003, Enterprise Edition (32-bit x86)
    • Microsoft Windows Server 2003, Standard Edition (32-bit x86)
    • Microsoft Windows Server 2003, Web Edition
Keywords: 
kbtshoot KB899298

Give Feedback

 

Contact us for more help

Contact us for more help
Connect with Answer Desk for expert help.
Get more support from smallbusiness.support.microsoft.com