Microsoft KB Archive/900906

= Data Execution Prevention does not apply to programs and services after you install Windows XP Service Pack 2 on a computer that has Windows Server 2003 Beta for 64-bit Extended System installed =

Article ID: 900906

Article Last Modified on 8/8/2005

-

APPLIES TO

 Microsoft Windows XP Service Pack 2, when used with:  Microsoft Windows XP Home Edition

 Microsoft Windows XP Media Center Edition 2002

 Microsoft Windows XP Professional

 Microsoft Windows XP Tablet PC Edition</li></ul> </li></ul>

-

<div class="notice_section">

<div class="symptoms_section">

SYMPTOMS
Consider the following scenario:
 * You are using a computer that is running Microsoft Windows Server 2003 Beta for 64-bit Extended Systems.
 * You install Microsoft Windows XP with Service Pack 2 (SP2) on the computer.
 * The /noexecute=optin switch is in the boot loader section of the Boot.ini file.

However, Data Execution Prevention (DEP) does not apply to programs and services that run on the computer. Additionally, the following informational message appears on the Data Execution Prevention tab:

Your computer's processor does not support hardware-based DEP. However, Windows can use DEP software to help prevent some types of attacks.

This informational message appears even though the computer has a processor that supports hardware-based DEP.

<div class="cause_section">

CAUSE
This issue occurs because installation of Windows XP with SP2 does not replace the Boot Loader from Windows Server 2003 Beta for 64-bit Extended Systems. The Boot Loader from Windows Server 2003 Beta for 64-bit Extended Systems does not automatically load the Physical Address Extension (PAE) kernel if the /noexecute=optin switch is in the boot loader section of the Boot.ini file. The PAE kernel is required for hardware-based DEP functionality.

<div class="resolution_section">

RESOLUTION
To resolve this issue, follow these steps to add the /PAE boot switch to the Boot.ini file for the Windows XP SP2 installation: <ol> Click Start, click Run, type sysdm.cpl in the Open box, and then click OK.</li> On the Advanced tab, click Settings under Startup and Recovery.</li> Under System Startup, click Edit.</li> Find the boot entry for the Windows XP with SP2 installation.</li> Add the /PAE boot switch to the end of the boot entry for the Windows XP with SP2 installation. For example, the content of the Boot.ini file is similar to the following content:

[boot loader]

timeout=30

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS=&quot;Microsoft Windows XP Professional” /fastdetect /noexecute=optin /PAE

</li> Save the Boot.ini file.</li> Click OK two times.</li> Restart the computer.</li></ol>

<div class="moreinformation_section">

MORE INFORMATION
For more information about a related topic, click the following article number to view the article in the Microsoft Knowledge Base:

875352 A detailed description of the Data Execution Prevention (DEP) feature in Windows XP Service Pack 2, Windows XP Tablet PC Edition 2005, and Windows Server 2003

Keywords: kbtshoot kbprb KB900906

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.