Q. How do I use Bcdedit to set the data execution prevention (DEP) mode?
January 6, 2008
A. There are four options to set the DEP mode from the Control Panel System applet:
- Optin: Enables DEP only for OS components, including the Windows kernel and Windows drivers. Administrators can enable DEP for selected executable files with the Application Compatibility Toolkit (ACT).
- Optout: Enables DEP for the OS and all processes, including the Windows kernel and Windows drivers. However, administrators can disable DEP on selected executable files with the Control Panel System applet.
- AlwaysOn: Enables DEP for the OS and all processes, including the Windows kernel and Windows drivers. All attempts to disable DEP are ignored, and all DEP configuration options are disabled.
- AlwaysOff: Disables DEP. Attempts to enable DEP selectively are ignored, and the DEP GUI is disabled.
You use Bcdedit to set the DEP mode for specific OS loaders, which can be viewed using the Bcdedit /enum osloader /v command. To set, use the /set nx switch. For example, to set the currently booted OS to DEP AlwaysOn, you would use the command
bcdedit /set nx AlwaysOn
About the Author
You May Also Like