Rpl.exe -i /noexecute=optout /NoExecute=OptIn c:\boot. Once the file was editable, i now performed the rpl command to search and replace: Using RPL i could search the boot.ini for the optout statement and replace it with the optin (aka turn off Dep).īecause boot.ini is a system and read only file by default, i needed to use the attrib command so first i set about removing the read only, hidden and system file attributes on the file in order to edit it: To automate this change, i used a tool called RPL.exe, this is a direct translation of the Unix command/tool to replace text inside of a text file. The bottom says 'Your comuter's processor does not support hardware based DEP.
P.S.-My DEP tab in System reads as did martinr121's in the linked post. systems multi(0)disk(0)rdisk(0)partition(1)WINDOWSWindows Server 2003, Enterprise /noexecuteoptout /fastdetect S2Since I have been having no problems with OptOut, I will leave my boot.ini as is. What confuses me with the above statement is why Opting out means DEP is enabled? To disable DEP you need to change this switch to OptIn, which makes no sense to me at all. it seems 'NoExecuteOptOut' is the most secure setting. Multi(0)disk(0)rdisk(0)partition(1)\WINDOWS=”Windows Server 2003, Standard” /NoExecute=OptOut /fastdetect The noexecute switch enables no-execute protection called the Data Execution Protection (DEP) which makes the computer memory manager to mark pages containing data as no-execute. Take this for example, this is a server with DEP enabled: The noexecute parameter is a switch in the boot.ini file used to enable, disable, and configure Data Execution Prevention (DEP). This though also completely turns off DEP which is not what we desire. When I do that, the reference to PAE in My Computer > Properties goes away. To make matters worse its a kinda complicated setting as it sounds opposite to what it is exactly doing. The only way I have found to disable it and get rid of it has been to change the /noexecuteoptout to /execute. The problem with Dep is simple, its not a Reg Key, its not an environment variable its a system setting loaded on startup from the boot.ini file. We had this problem recently with our XenApp servers, as part of the latest service pack DEP (or Data Execution Protection) has now been enabled for all applications accross all platforms and this can cause havok in a terminal services environment.