DetailPage-MSS-KB

Microsoft small business knowledge base

Article ID: 899298 - Last Review: October 6, 2006 - Revision: 2.4

On This Page

SYMPTOMS

The "Understanding Data Execution Prevention" help topic in Microsoft Windows Server 2003 with Service Pack 1 (SP1) contains the following incorrect entry:
By default, DEP is only turned on for essential Windows operating system programs and services. To help protect more programs with DEP, select Turn on DEP for all programs and services except those I select.
By default, in Windows Server 2003 SP1, DEP is turned on for all programs and services except those that the administrator selects. By default, the "Turn on DEP for all programs and services except those I select" OptOut policy is already selected.

STATUS

Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.

MORE INFORMATION

If you are logged on as an administrator, you can manually configure DEP to switch between the OptIn and OptOut policies by using the Data Execution Prevention tab in System Properties.

To verify your settings, follow these steps:
  1. Click Start, click Run, type sysdm.cpl in the Open box, and then click OK.
  2. Click the Advanced tab, and then click Settings under Performance.
  3. Click the Data Execution Prevention tab, and then use one of the following procedures:
    • Click Turn on DEP for essential Windows programs and services only to select the OptIn policy.
    • Click Turn on DEP for all programs and services except those I select to select the OptOut policy, and then click Add to add the programs that you do not want to use the DEP feature.
  4. Click OK two times.

Notes

  • By default in Microsoft Windows XP, the Turn on DEP for essential Windows programs and services only OptIn policy is selected.
  • DEP configuration for the computer can also be configured by using switches in the Boot.ini file.
    • To select the OptOut policy, add the /noexecute=optout parameter to the boot entry. For example:
      multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows Server 2003" /fastdetect /noexecute=OptOut
    • To select the OptIn policy, add the /noexecute=optin parameter to the Boot.ini file. For example:
      multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows Server 2003" /fastdetect /noexecute=OptIn
  • To support DEP, Windows loads a Physical Address Extension (PAE) kernel, even though the /PAE parameter is not in included in the Boot.ini file.
  • If the /noexecute parameter is not found in the boot entry, Windows Server 2003 uses the OptIn policy for DEP.
For more information about the DEP feature and Windows Server 2003 with SP1, visit the following Microsoft Web site:
http://technet.microsoft.com/en-us/library/cc738483.aspx (http://technet.microsoft.com/en-us/library/cc738483.aspx)
For more information about the DEP feature in Windows XP, click the following article number to view the article in the Microsoft Knowledge Base:
875352  (http://support.microsoft.com/kb/875352/ ) A detailed description of the Data Execution Prevention (DEP) feature in Windows XP Service Pack 2, Windows XP Tablet PC Edition 2005, and Windows Server 2003

APPLIES TO
  • Microsoft Windows Server 2003 Service Pack 1, when used with:
    • Microsoft Windows Server 2003, Enterprise Edition (32-bit x86)
    • Microsoft Windows Server 2003, Standard Edition (32-bit x86)
    • Microsoft Windows Server 2003, Web Edition
Keywords: 
kbtshoot KB899298
Share
Additional support options
Ask The Microsoft Small Business Support Community
Contact Microsoft Small Business Support
Find Microsoft Small Business Support Certified Partner
Find a Microsoft Store For In-Person Small Business Support