By default in Windows Server 2016, DEP (Data Execution Prevention) is enabled for security reasons. However, this can lead to issues with certain applications and or services.
You can disable DEP, but leave PAE (Physical Address Extension) enabled. You can do so from either the GUI (Graphical User Interface) or from Powershell.
From the GUI
Right click on Start Menu > System. Open start, and type “System”.
On the left, click Advanced system settings > Advanced tab > under the performance section, Settings… > Data Execution Prevention tab:
Select the radio button for Turn on DEP for essential Windows programs and services only. Click OK. This will require a restart to take effect so reboot during your next maintenance window or whenever is convenient for you.
Disable DEP from Powershell
Note that you’ll need to run Powershell as an administrator for this task otherwise you’ll get a permission denied error. There are quite a few different options you can set here, but here is the main one you can run to achieve the above:
Again, you need to restart for that to take effect. If you want to know all commands available with bcdedit, you can issue the below command to get a list of available variables:
To learn more about these commands, you can visit Microsoft’s BCDEDIT command line reference.