.png?width=100&auto=webp&quality=80&disable=upscale "Picture of John Savill")
.png?width=400&auto=webp&quality=80&disable=upscale "John Savill")
Sign up for the ITPro Today newsletter
Stay on top of the IT universe with commentary, news analysis, how-to's, and tips delivered to your inbox daily.
Q. How do I use Bcdedit to set the data execution prevention (DEP) mode?
John Savill
January 6, 2008
1 Min Read
A. There are four options to set the DEP mode from the Control Panel System applet:
- Optin: Enables DEP only for OS components, including the Windows kernel and Windows drivers. Administrators can enable DEP for selected executable files with the Application Compatibility Toolkit (ACT).
- Optout: Enables DEP for the OS and all processes, including the Windows kernel and Windows drivers. However, administrators can disable DEP on selected executable files with the Control Panel System applet.
- AlwaysOn: Enables DEP for the OS and all processes, including the Windows kernel and Windows drivers. All attempts to disable DEP are ignored, and all DEP configuration options are disabled.
- AlwaysOff: Disables DEP. Attempts to enable DEP selectively are ignored, and the DEP GUI is disabled.
You use Bcdedit to set the DEP mode for specific OS loaders, which can be viewed using the Bcdedit /enum osloader /v command. To set, use the /set nx switch. For example, to set the currently booted OS to DEP AlwaysOn, you would use the command
bcdedit /set nx AlwaysOn
About the Author
You May Also Like
.png?width=700&auto=webp&quality=80&disable=upscale)