Article ID: 900524
Article Last Modified on 6/22/2005
APPLIES TO
- Microsoft Windows Server 2003 Service Pack 1, when used with:
- Microsoft Windows Server 2003, Enterprise Edition (32-bit x86)
- Microsoft Windows Server 2003, Standard Edition (32-bit x86)
- Microsoft Windows Server 2003, Web Edition
- Microsoft Windows XP Service Pack 2, when used with:
- Microsoft Windows XP Home Edition
- Microsoft Windows XP Professional
Important This article contains information that shows you how to help lower security settings or how to turn off security features on a computer. You can make these changes to work around a specific problem. Before you make these changes, we recommend that you evaluate the risks that are associated with implementing this workaround in your particular environment. If you implement this workaround, take any appropriate additional steps to help protect your system.
INTRODUCTION
This article describes how to prevent the Physical Address Extension (PAE) kernel from loading in Microsoft Windows Server 2003 with Service Pack 1 (SP1) or in Microsoft Windows XP with Service Pack 2 (SP2).
Note We do not recommend that you disable PAE mode.
We recommend that you disable PAE mode only to work around a hardware issue or to troubleshoot a specific issue that involves PAE or Address Windowing Extensions (AWE). Some features in hardware, such as the security features that are described in this article, depend on the PAE kernel for implementation. Contact your hardware vendor for information that is relevant to a specific model of computer.
MORE INFORMATION
In Windows Server 2003 with SP1 and in Windows XP with SP2, the Data Execution Prevention (DEP) processor features require that the processor run in PAE mode. DEP is a set of hardware and software technologies. These technologies perform additional checks on memory to help prevent malicious code from running on a system.
Starting with Windows XP SP2, the 32-bit versions of Windows use one of the following hardware technologies to implement DEP:
- The no-execute page-protection (NX) processor feature as defined by Advanced Micro Devices.
- The Execute Disable Bit (XD) feature as defined by Intel.
For more information about the DEP feature, click the following article number to view the article in the Microsoft Knowledge Base:
875352 A detailed description of the Data Execution Prevention (DEP) feature in Windows XP Service Pack 2, Windows XP Tablet PC Edition 2005, and Windows Server 2003
For more information about the underlying hardware technologies that are used with DEP, contact Advanced Micro Devices or Intel.
Note To support DEP, Windows will automatically load the PAE kernel. You do not have to use the /PAE boot switch in the Boot.ini file.
How to disable PAE mode
Warning This workaround may make your computer or your network more vulnerable to attack by malicious users or by malicious software such as viruses. We do not recommend this workaround but are providing this information so that you can implement this workaround at your own discretion. Use this workaround at your own risk.
To troubleshoot a system, you may have to disable PAE mode on a computer where Windows has automatically enabled PAE mode. In this scenario, you can disable PAE mode by editing the Boot.ini file.
Disable PAE mode in Windows Server 2003 with SP1
Add the following switches to the Windows Server 2003 Boot.ini file:
/execute /NOPAE
For example, the Boot.ini file may appear as follows:
[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows Server 2003" /fastdetect /execute /NOPAE
Disable PAE mode in Windows XP with SP2
Add the following switches to the Windows XP Boot.ini file:
/noexecute=alwaysoff /NOPAE
For example, the Boot.ini file may appear as follows:
[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP" /fastdetect /noexecute=alwaysoff /NOPAE
For more information about how to edit the Boot.ini file, click the following article number to view the articles in the Microsoft Knowledge Base:
317526 How to edit the Boot.ini file in Windows Server 2003
The third-party products that this article discusses are manufactured by companies that are independent of Microsoft. Microsoft makes no warranty, implied or otherwise, regarding the performance or reliability of these products.
Keywords: kbtshoot KB900524
