Data Execution Prevention (DEP) is a group of software and hardware which perform additional security checks prevent malicious code from running on a system. However you may wish to turn off DEP for some applications and programs on a Server Core system, to do this perform the below three steps :
1. Check The Current DEP level
Run the below command:
wmic OS Get DataExecutionPrevention_SupportPolicy
This will return an integer which corresponds to a DEP Support Policy:
| DEP Support Policy | Policy Level | Description |
| 2 | OptIn?Default? | Turn on DEP for essential Windows programs and services only |
| 3 | OptOut | Turn on DEP for all programs and services except those I select. Admin can add create one DEP exception list |
| 1 | AlwaysOn | Enable DEP for all process |
| 0 | AlwaysOff | Disable DEP for all process |
2. Alter the DEP Policy Level
To add a program to DEP exception list, change the Policy Level to “OptOut” (please refer to the above table). The below command will perform this action:
bcdedit.exe /set {current} nx OptOut
Then restart the system.
3. Create An Exception List
Add the application to the DEP exception list by altering the registry as below:
For each application you wish to disable the DEP for, create a String Value with the name of the value being the full path to the executable (such as C:\Program Files\Windows Live\WindowsLiveWriter.exe) and the value data being “DisableNXShowUI” under the below registry key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers
Note that using Registry Editor improperly may result in serious issues that could require a reinstall of Windows. The Registry Editor should be used sparingly and with caution. For more information on the registry see http://support.microsoft.com/?id=256986
