How can you enable hardware DEP and still have NS Agent function


Article ID: 179680


Updated On:


Management Platform (Formerly known as Notification Server)




How can you enable hardware DEP and still have NS Agent function?

Currently, with DEP set to AlwaysOn it will prevent the Altiris Service from starting as seen in KB 51781. Turning off DEP (Data Exection Prevention) is a course of action, you can still enable DEP while allowing the Altiris Service to pass through DEP.

Here are the steps:

  1. Log into the machine as an Administrator
  2. Add the registry key:
    1. HKLM\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers  (you may need to create the “Layers” key if not present)
    2. Value Name: c:\program files\Altiris\Altiris Agent\AeXNSAgent.exe
    3. Value Type: REG_SZ
    4. Value: DiasbleNXShowUI
  3. Reboot the machine
  4. Run this command line as an Administrator:
    1. Bcdedit /set {CURRENT.EN_US} nx OptOut
  5. Reboot the machine
  6. Start the Altiris Service (if not started automatically)

DEP should look like this:

The following scenario worked:
1. Hardware DEP is ON
2. Software DEP is set to OptOut
3. Exclude the Altiris service in the registry