JSI Tip 10036. How can a batch script determine if Hardware DEP is available and configured on my computer?

NOTE: See A detailed description of the Data Execution Prevention (DEP) feature in Windows XP Service Pack 2, and Windows XP Tablet PC Edition 2005, and Windows Server 2003.

NOTE: See How to Configure Memory Protection in Windows XP SP2?

Using Wmic.exe, I have scripted DEP.bat to determine if Hardware DEP is available on my computer, and how it is configured.

To use Hardware DEP:

- The computer's processor must support DEP.

- The DEP functionality must be enabled in the BIOS.

- The computer must be running Windows XP SP2 or Windows Server 2003 SP1, or later versions.

- The computer must have Hardware-enforced DEP enabled for programs.

The syntax for using DEP.bat is:

DEP HA SP

Where:

HA is a call directed environment variable that will contain TRUE or FALSE to indicate Hardware DEP.

SP is a call directed environment variable that will contain:

SP	Description
0	DEP is not enabled for any processes.
1	DEP is enabled for all processes.
2	DEP is enabled for all processes, but Administrators can exclude specific programs.
3	Only operating system components and services use DEP. This is the default.

DEP.bat contains:

@echo off
If \{%2\}==\{\} @echo Syntax: DEP HA SP&goto :EOF
setlocal
for /f "Skip=1 Tokens=*" %%a in ('wmic OS Get DataExecutionPrevention_Available') do (
 set HA=%%a
)
for /f "Skip=1 Tokens=*" %%a in ('wmic OS Get DataExecutionPrevention_SupportPolicy') do (
 set SP=%%a
)
set HA=%HA: =%
set SP=%SP: =%
endlocal&set %1=%HA%&set %2=%SP%