Disabling Windows Data Execution Prevention (DEP)


Data Execution Prevention (DEP) is a set of hardware and software technologies that perform memory checks to help prevent malicious code from running on a system. DEP is available only on Microsoft Windows XP Service Pack 2 and on Microsoft Windows 2003 Service Pack 1.

Personally I don’t find DEP gets in my way for my day-to-day shenanigans but I have heard others complaining about DEP preventing some non-malicious programs from doing their thang. For those who are interested, DEP can be disabled using the following method…

Right-click My Computer from either the Start menu or on the Desktop and select Properties
Click Advanced
Under the Performance heading click Settings
Click the Data Execution Prevention tab

Under this tab you can choose to have DEP enabled either for essential Windows programs or services only, or for all programs and services with user-defined exceptions.

To disable DEP you need to edit the boot.ini file. The easiest way to do this is to follow these steps:

Right-click My Computer from either the Start menu or on the Desktop and select Properties
Click Advanced
Under the Startup and Recovery heading click Settings
Click Edit

You are now presented with the contents of your boot.ini file, which should look similar to the following:

[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

To disable DEP alter the text to show /noexecute=AlwaysOff and save your changes. After a reboot DEP will be disabled and will be ‘greyed out’ when viewed under the Performance tab. To re-enable DEP edit boot.ini again and use the ‘optin’ switch.

There are in fact four options for DEP that can be applied to boot.ini as below:

OptIn

This setting is the default configuration. On systems with processors that can implement hardware-enforced DEP, DEP is enabled by default for limited system binaries and programs that "opt-in." With this option, only Windows system binaries are covered by DEP by default.

OptOut

DEP is enabled by default for all processes. You can manually create a list of specific programs that do not have DEP applied by using the System dialog box in Control Panel. System compatibility fixes, or shims, for DEP do take effect.

AlwaysOn

This setting provides full DEP coverage for the whole system. All processes always run with DEP applied. The exceptions list to exempt specific programs from DEP protection is not available. System compatibility fixes for DEP do not take effect. Programs that have been opted-out run with DEP applied.

AlwaysOff

This setting does not provide any DEP coverage for any part of the system, regardless of hardware DEP support.
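For anyone who needs to check which of these four settings a machine actually boots with, the following is an added example (not part of the original page): a Python audit that reads boot.ini text, reports the /noexecute value for each [operating systems] entry, and picks out entries set to AlwaysOff. The function names and the second and third sample entries are constructed for illustration.

```python
import re

# The four /noexecute values from the list above, keyed in lower case because
# boot.ini switches appear in mixed case (the page writes "optin" and "AlwaysOff").
POLICIES = {"optin": "OptIn", "optout": "OptOut",
            "alwayson": "AlwaysOn", "alwaysoff": "AlwaysOff"}
NOEXECUTE_RE = re.compile(r"/noexecute=(\S+)", re.IGNORECASE)
ENTRY_RE = re.compile(r'\s*"([^"]*)"(.*)')  # "<description>" <switches>


def dep_policies(boot_ini_text):
    """Return [(description, policy)] for each [operating systems] entry.
    policy is one of the four names above, "unrecognised:<value>" for any
    other value, or None when the entry carries no /noexecute switch."""
    results, section = [], None
    for raw in boot_ini_text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section != "operating systems" or "=" not in line:
            continue
        # Entry layout: <ARC path>="<description>" <switches>
        rest = line.partition("=")[2]
        quoted = ENTRY_RE.match(rest)
        desc, switches = quoted.groups() if quoted else (rest.strip(), rest)
        found = NOEXECUTE_RE.search(switches)
        policy = None if found is None else POLICIES.get(
            found.group(1).lower(), "unrecognised:" + found.group(1))
        results.append((desc, policy))
    return results


def entries_without_dep(boot_ini_text):
    """Descriptions of entries that boot with no DEP coverage (AlwaysOff)."""
    return [d for d, p in dep_policies(boot_ini_text) if p == "AlwaysOff"]


# Constructed sample: the page's boot.ini plus two made-up entries.
SAMPLE = r'''[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Test install (constructed)" /NoExecute=AlwaysOff /fastdetect
multi(0)disk(0)rdisk(0)partition(3)\WINDOWS="No switch (constructed)" /fastdetect
'''
```

Calling dep_policies(SAMPLE) returns one tuple per boot entry, and entries_without_dep(SAMPLE) narrows that to the entries an administrator would want to review.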


Just to mention, another (more long-winded) way to edit the boot.ini file is to follow these steps:

Right-click My Computer and select Explore
Click on Tools / Folder Options and click the View tab
Click the radio button to Show Hidden Files and Folders
Remove the tick from the box that says Hide Protected Operating System Files
Click OK to close the dialogue box and return to Windows Explorer
Open the C: drive of your computer and boot.ini should now be visible
Right-click boot.ini and remove the read-only restriction

You can now edit boot.ini using Notepad or another text editor.
