NOTE: See A detailed description of the Data Execution Prevention (DEP) feature in Windows XP Service Pack 2, and Windows XP Tablet PC Edition 2005, and Windows Server 2003.

NOTE: See How to Configure Memory Protection in Windows XP SP2?

Using Wmic.exe, I have scripted DEP.bat to determine if Hardware DEP is available on my computer, and how it is configured.

To use Hardware DEP:

- The computer's processor must support DEP.

- The DEP functionality must be enabled in the BIOS.

- The computer must be running Windows XP SP2 or Windows Server 2003 SP1, or later versions.

- The computer must have Hardware-enforced DEP enabled for programs.

The syntax for using DEP.bat is:



HA is a call directed environment variable that will contain TRUE or FALSE to indicate Hardware DEP.                              SP is a call directed environment variable that will contain:

         SP    Description
         0 DEP is not enabled for any processes.
         1 DEP is enabled for all processes.
         2 DEP is enabled for all processes, but Administrators can exclude specific programs.
         3 Only operating system components and services use DEP. This is the default.
DEP.bat contains:
@echo off                              If \{%2\}==\{\} @echo Syntax: DEP HA SP&goto :EOF                              setlocal                              for /f "Skip=1 Tokens=*" %%a in ('wmic OS Get DataExecutionPrevention_Available') do (                               set HA=%%a                              )                              for /f "Skip=1 Tokens=*" %%a in ('wmic OS Get DataExecutionPrevention_SupportPolicy') do (                               set SP=%%a                              )                              set HA=%HA: =%                              set SP=%SP: =%                              endlocal&set %1=%HA%&set %2=%SP%