Disable DEP Windows Server 2016

By default in Windows Server 2016, DEP (Data Execution Prevention) is enabled for security reasons.  However, this can lead to issues with certain applications and or services.

You can disable DEP, but leave PAE (Physical Address Extension) enabled.  You can do so from either the GUI (Graphical User Interface) or from Powershell.

From the GUI

Right click on Start MenuSystem. Open start, and type “System”.

Start System

On the left, click Advanced system settingsAdvanced tab > under the performance section, Settings…Data Execution Prevention tab:

Select the radio button for Turn on DEP for essential Windows programs and services only. Click OK.  This will require a restart to take effect so reboot during your next maintenance window or whenever is convenient for you.

Disable DEP from Powershell

Note that you’ll need to run Powershell as an administrator for this task otherwise you’ll get a permission denied error.  There are quite a few different options you can set here, but here is the main one you can run to achieve the above:

.\bcdedit.exe /set nx alwaysoff

Again, you need to restart for that to take effect.  If you want to know all commands available with bcdedit, you can issue the below command to get a list of available variables:

.\bcdedit.exe /?

To learn more about these commands, you can visit Microsoft’s BCDEDIT command line reference.


About the Author: Travis Wade

Just a simple man living an ordinary life with an extraordinary family. I'm an information technologist and hobbyist astronomer. Anything to do with technology and science is of total interest to me.