Article ID: 900524 - View products that this article applies to.
Important This article contains information that shows you how to help lower security settings or how to turn off security features on a computer. You can make these changes to work around a specific problem. Before you make these changes, we recommend that you evaluate the risks that are associated with implementing this workaround in your particular environment. If you implement this workaround, take any appropriate additional steps to help protect your system.
This article describes how to prevent the Physical Address Extension (PAE) kernel from loading in Microsoft Windows Server 2003 with Service Pack 1 (SP1) and later versions of Windows Server 2003 or in Microsoft Windows XP with Service Pack 2 (SP2) and later versions of Windows XP.
Note We do not recommend that you disable PAE mode.
We recommend that you disable PAE mode only to work around a hardware issue or to troubleshoot a specific issue that involves PAE or Address Windowing Extensions (AWE). Some features in hardware, such as the security features that are described in this article, depend on the PAE kernel for implementation. Contact your hardware vendor for information that is relevant to a specific model of computer.
In Windows Server 2003 with SP1 and later versions of Windows Server 2003 and in Windows XP with SP2 and later versions of Windows XP, the Data Execution Prevention (DEP) processor features require that the processor run in PAE mode. DEP is a set of hardware and software technologies. These technologies perform additional checks on memory to help prevent malicious code from running on a system.
Starting with Windows XP SP2 and later versions of Windows XP, the 32-bit versions of Windows use one of the following hardware technologies to implement DEP:
875352For more information about the underlying hardware technologies that are used with DEP, contact Advanced Micro Devices or Intel.
(http://support.microsoft.com/kb/875352/ )A detailed description of the Data Execution Prevention (DEP) feature in Windows XP Service Pack 2, Windows XP Tablet PC Edition 2005, and Windows Server 2003
Note To support DEP, Windows will automatically load the PAE kernel. You do not have to use the /PAE boot switch in the Boot.ini file.
How to disable PAE modeWarning This workaround may make your computer or your network more vulnerable to attack by malicious users or by malicious software such as viruses. We do not recommend this workaround but are providing this information so that you can implement this workaround at your own discretion. Use this workaround at your own risk.
To troubleshoot a system, you may have to disable PAE mode on a computer where Windows has automatically enabled PAE mode. In this scenario, you can disable PAE mode by editing the Boot.ini file.
Disable PAE mode in Windows Server 2003 with SP1 and later versions of Windows Server 2003Add the following switches to the Windows Server 2003 Boot.ini file:
/execute /NOPAEFor example, the Boot.ini file may appear as follows:
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows Server 2003" /fastdetect /execute /NOPAE
Disable PAE mode in Windows XP with SP2 and later versions of Windows XPAdd the following switches to the Windows XP Boot.ini file:
/noexecute=alwaysoff /NOPAEFor example, the Boot.ini file may appear as follows:
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP" /fastdetect /noexecute=alwaysoff /NOPAE
For more information about how to edit the Boot.ini file, click the following article number to view the articles in the Microsoft Knowledge Base:
317526The third-party products that this article discusses are manufactured by companies that are independent of Microsoft. Microsoft makes no warranty, implied or otherwise, regarding the performance or reliability of these products.
(http://support.microsoft.com/kb/317526/ )How to edit the Boot.ini file in Windows Server 2003
Article ID: 900524 - Last Review: June 20, 2014 - Revision: 4.0