Microsoft KB Archive/899298



The "Understanding Data Execution Prevention" help topic incorrectly states the default setting for DEP in Windows Server 2003 Service Pack 1

Article ID: 899298

Article Last Modified on 10/6/2006



APPLIES TO

  • Microsoft Windows Server 2003 Service Pack 1, when used with:
    • Microsoft Windows Server 2003, Enterprise Edition (32-bit x86)
    • Microsoft Windows Server 2003, Standard Edition (32-bit x86)
    • Microsoft Windows Server 2003, Web Edition




SYMPTOMS

The "Understanding Data Execution Prevention" help topic in Microsoft Windows Server 2003 with Service Pack 1 (SP1) contains the following incorrect entry:

By default, DEP is only turned on for essential Windows operating system programs and services. To help protect more programs with DEP, select Turn on DEP for all programs and services except those I select.


This entry is incorrect. By default, in Windows Server 2003 SP1, DEP is turned on for all programs and services except those that the administrator selects. That is, the "Turn on DEP for all programs and services except those I select" OptOut policy is already selected by default.

STATUS

Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.

MORE INFORMATION

If you are logged on as an administrator, you can manually configure DEP to switch between the OptIn and OptOut policies by using the Data Execution Prevention tab in System Properties.

To verify your settings, follow these steps:

  1. Click Start, click Run, type sysdm.cpl in the Open box, and then click OK.
  2. Click the Advanced tab, and then click Settings under Performance.
  3. Click the Data Execution Prevention tab, and then use one of the following procedures:
    • Click Turn on DEP for essential Windows programs and services only to select the OptIn policy.
    • Click Turn on DEP for all programs and services except those I select to select the OptOut policy, and then click Add to add the programs that you do not want to use the DEP feature.
  4. Click OK two times.

Notes

  • By default in Microsoft Windows XP, the Turn on DEP for essential Windows programs and services only OptIn policy is selected.
  • DEP for the computer can also be configured by using switches in the Boot.ini file.
    • To select the OptOut policy, add the /noexecute=optout parameter to the boot entry. For example:

      multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows Server 2003" /fastdetect /noexecute=OptOut

    • To select the OptIn policy, add the /noexecute=optin parameter to the Boot.ini file. For example:

      multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows Server 2003" /fastdetect /noexecute=OptIn

  • To support DEP, Windows loads a Physical Address Extension (PAE) kernel, even though the /PAE parameter is not included in the Boot.ini file.
  • If the /noexecute parameter is not found in the boot entry, Windows Server 2003 uses the OptIn policy for DEP.
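
The Boot.ini rules in the notes above can be checked with a short script. This is an added example, not part of the Microsoft article; the function names and the sample Boot.ini content are constructed for illustration. It reads the switches of each boot entry and applies the rule that an entry with no /noexecute switch uses the OptIn policy.

```python
import re

# Constructed sample Boot.ini; the first boot entry follows the page's example.
SAMPLE_BOOT_INI = r'''[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows Server 2003" /fastdetect /noexecute=OptOut
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Server 2003 (no switch)" /fastdetect
multi(0)disk(0)rdisk(0)partition(3)\WINDOWS="Server 2003 /noexecute=optout test" /fastdetect /NoExecute=optin
'''

# Switch names are matched case-insensitively, as in the page's own examples.
NOEXECUTE = re.compile(r'(?<!\S)/noexecute=(\S+)', re.IGNORECASE)
DEFAULT_POLICY = "optin"  # per the page: no /noexecute switch means OptIn


def dep_policies(boot_ini_text):
    """Return [(description, policy, explicit)] for each boot entry."""
    results = []
    in_os_section = False
    for raw in boot_ini_text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            in_os_section = line.lower() == "[operating systems]"
            continue
        if not in_os_section or "=" not in line:
            continue
        _, rest = line.split("=", 1)
        description, switches = rest, rest
        if rest.startswith('"') and rest.count('"') >= 2:
            # Only text after the closing quote is a switch; the quoted
            # description may itself contain text that looks like one.
            end = rest.index('"', 1)
            description, switches = rest[1:end], rest[end + 1:]
        match = NOEXECUTE.search(switches)
        policy = match.group(1).lower() if match else DEFAULT_POLICY
        results.append((description, policy, match is not None))
    return results


def entries_not_matching(boot_ini_text, wanted="optout"):
    """List descriptions of boot entries whose effective policy differs."""
    return [d for d, p, _ in dep_policies(boot_ini_text) if p != wanted.lower()]
```
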

For more information about the DEP feature and Windows Server 2003 with SP1, visit the following Microsoft Web site:

For more information about the DEP feature in Windows XP, click the following article number to view the article in the Microsoft Knowledge Base:

875352 A detailed description of the Data Execution Prevention (DEP) feature in Windows XP Service Pack 2, Windows XP Tablet PC Edition 2005, and Windows Server 2003


Keywords: kbtshoot KB899298