Turning Off Data Execution Prevention (DEP)

If you can find the control panel for DEP, you will find that it has no option to turn DEP off. This is not a terrible thing unless you are trying to troubleshoot a problem. In that case you want to eliminate DEP as a cause, to confirm that the application will work in the environment as a whole. You can then re-enable it and configure DEP correctly to allow your application to function:

Access to the DEP configuration panel:

1. Click Start, click Run, type sysdm.cpl, and then click OK.

2. On the Advanced tab, under Performance, click Settings.

3. On the Data Execution Prevention tab, use one of the following procedures:

   a. Click Turn on DEP for essential Windows programs and services only to select the OptIn policy.

   b. Click Turn on DEP for all programs and services except those I select to select the OptOut policy, and then click Add to add the programs that you do not want to use the DEP feature.

4. Click OK two times.

There are actually 4 global configurations for DEP:

Configuration: Description

OptIn: This setting is the default configuration. On systems with processors that can implement hardware-enforced DEP, DEP is enabled by default for limited system binaries and programs that “opt-in.” With this option, only Windows system binaries are covered by DEP by default.

OptOut: DEP is enabled by default for all processes. You can manually create a list of specific programs that do not have DEP applied by using the System dialog box in Control Panel. Information technology (IT) professionals can use the Application Compatibility Toolkit to “opt-out” one or more programs from DEP protection. System compatibility fixes, or shims, for DEP do take effect.

AlwaysOn: This setting provides full DEP coverage for the whole system. All processes always run with DEP applied. The exceptions list to exempt specific programs from DEP protection is not available. System compatibility fixes for DEP do not take effect. Programs that have been opted-out by using the Application Compatibility Toolkit run with DEP applied.

AlwaysOff: This setting does not provide any DEP coverage for any part of the system, regardless of hardware DEP support. The processor does not run in PAE mode unless the /PAE option is present in the Boot.ini file.

To turn off DEP globally, we must edit the Boot.ini file. Here are the instructions, followed by an example of a Boot.ini file:

1. Click Start, right-click My Computer, and then click Properties.

2. Click the Advanced tab, and then click Settings under the Startup and Recovery field.

3. In the System startup field, click Edit. The Boot.ini file opens in Notepad.

4. In Notepad, click Find on the Edit menu.

5. In the Find what box, type /noexecute, and then click Find Next.

6. In the Find dialog box, click Cancel.

7. Replace policy_level with AlwaysOff.

Example of a Boot.ini file with /NoExecute set to AlwaysOff:

[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=AlwaysOff
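
Once troubleshooting is done, the machine should not be left on AlwaysOff. The following check is an added example, not part of the original article: it reads Boot.ini text and reports the /NoExecute policy level of every boot entry. The function name, the ";" comment handling and the second sample entry are assumptions made for the illustration.

```python
import re

# The four global DEP policy levels described in the article.
POLICY_LEVELS = {"optin": "OptIn", "optout": "OptOut",
                 "alwayson": "AlwaysOn", "alwaysoff": "AlwaysOff"}
# Match the switch case-insensitively: /noexecute=AlwaysOff, /NoExecute=optin
NOEXECUTE_RE = re.compile(r"/noexecute=(\w+)", re.IGNORECASE)

def audit_boot_ini(text):
    """Return (arc_path, policy, dep_disabled) for each [operating systems] entry.

    policy is the canonical level name, None when the entry carries no
    /noexecute switch, or "invalid:<value>" for an unrecognised value.
    """
    findings = []
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):  # ';' comments: assumed INI convention
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section != "operating systems" or "=" not in line:
            continue
        arc_path = line.split("=", 1)[0].strip()
        match = NOEXECUTE_RE.search(line)
        policy = None
        if match:
            value = match.group(1)
            policy = POLICY_LEVELS.get(value.lower(), "invalid:" + value)
        findings.append((arc_path, policy, policy == "AlwaysOff"))
    return findings

# Constructed sample: the article's entry plus a made-up second entry.
SAMPLE = r'''[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=AlwaysOff
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Constructed second entry" /fastdetect /noexecute=optin
'''

if __name__ == "__main__":
    for path, policy, disabled in audit_boot_ini(SAMPLE):
        print(path, policy, "DEP DISABLED" if disabled else "ok")
```

Any entry reported as DEP DISABLED still has the troubleshooting setting in place and needs its policy level restored.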

This article is part of the GWB Archives. Original Author: Geordie
