DEP / PAE running on server?
Hi, I am running a Windows 2003 SP2 server, Enterprise edition. This is a virtual server. If I go to System Properties, I can see "Physical Address Extension" listed under the memory info. However, if I look at the boot.ini file, I can't see any PAE switch. The boot.ini is copied below:

WINDOWS="Windows Server 2003, Enterprise" /noexecute=optout /fastdetect

I've read that the optout switch means that DEP is enabled. And if DEP is enabled, PAE is enabled too automatically, so we don't need to add an extra /PAE switch to the boot.ini file. Could someone confirm if this is true?

The reason I ask is because we are in talks with a vendor to install a finance application on our servers, and they advise not to use PAE with their application. Why, I'm not sure. Could someone advise:

i) What are the actual benefits of DEP?
ii) Can we leave DEP running but disable PAE?
iii) Is it recommended to have DEP with PAE disabled?

Any help appreciated.
September 15th, 2010 3:54pm

Hi,

Yes, it’s true. To use these processor features I listed below, the processor must be running in Physical Address Extension (PAE) mode. Windows will automatically enable PAE mode to support DEP. Users do not have to separately enable PAE by using the /PAE boot switch.

On 32-bit operating systems, hardware-enforced DEP requires PAE. Therefore, when DEP is enabled on a computer that supports hardware-enforced DEP, 32-bit versions of the Windows operating system automatically enable PAE and ignore /nopae. So we cannot leave DEP running with PAE disabled in a 32-bit operating system.

- The no-execute page-protection (NX) processor feature as defined by AMD.
- The Execute Disable Bit (XD) feature as defined by Intel.

Data Execution Prevention (DEP) is a set of hardware and software technologies that perform additional checks on memory to help prevent malicious code from running on a system. The primary benefit of DEP is to help prevent code execution from data pages. Typically, code is not executed from the default heap and the stack. Hardware-enforced DEP detects code that is running from these locations and raises an exception when execution occurs. Software-enforced DEP can help prevent malicious code from taking advantage of exception-handling mechanisms in Windows.

Physical Address Extension (PAE) X86 allows applications using the Address Windowing Extensions (AWE) API set and running on a computer with more than 4 gigabytes (GB) of physical memory to map additional physical memory into the application’s virtual address space. Applications not using the AWE API set can also benefit from PAE X86 because the operating system uses the larger physical memory to reduce paging and thus increase performance. This is of particular benefit to consolidation servers hosting multiple applications.

For more information, please refer to the following links:
http://support.microsoft.com/kb/875352
http://msdn.microsoft.com/en-us/library/ff542275.aspx

Based on the current situation, you will need to disable both DEP and PAE or install Windows Server 2003 x64 as a workaround.

Regards,
September 16th, 2010 6:01am
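
Added example, not part of the original thread: a short Python check that reads one boot.ini entry and applies the rule stated in the answer above (DEP enabled on an NX/XD-capable CPU forces PAE, and /nopae is ignored). The function names, the result labels and the second and third sample entries are constructed for illustration, and NX/XD support is passed in as an assumption rather than detected.

```python
import re

# /noexecute levels that leave DEP enabled; "alwaysoff" is the remaining level.
DEP_ON = {"optin", "optout", "alwayson"}

def parse_switches(entry):
    """Return the boot switches of one boot.ini entry as {name: value or True}."""
    # Drop the quoted description so text inside it is never read as a switch.
    tail = re.sub(r'"[^"]*"', " ", entry)
    switches = {}
    for name, value in re.findall(r"/([A-Za-z0-9]+)(?:=(\S+))?", tail):
        switches[name.lower()] = value.lower() if value else True
    return switches

def effective_state(entry, cpu_has_nx):
    """Apply the thread's rule: hardware DEP forces PAE and overrides /nopae."""
    sw = parse_switches(entry)
    policy = sw.get("noexecute")
    if policy not in DEP_ON | {"alwaysoff"}:
        policy = "unspecified"          # no usable /noexecute switch on this line
    hw_dep = policy in DEP_ON and cpu_has_nx
    if hw_dep:
        pae = "forced-by-dep"           # no /PAE switch needed
    elif policy == "unspecified":
        pae = "undetermined"            # the line alone does not say
    elif "pae" in sw and "nopae" not in sw:
        pae = "pae-switch"              # PAE requested explicitly
    else:
        pae = "not-forced"              # DEP is not what turns PAE on here
    return {"dep_policy": policy, "hardware_dep": hw_dep, "pae": pae,
            "nopae_ignored": hw_dep and "nopae" in sw}

# First entry is the line quoted in the question; the others are constructed.
SAMPLES = [
    'WINDOWS="Windows Server 2003, Enterprise" /noexecute=optout /fastdetect',
    'WINDOWS="Constructed entry A" /noexecute=optout /nopae /fastdetect',
    'WINDOWS="Constructed entry B" /noexecute=alwaysoff /PAE /fastdetect',
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(effective_state(line, cpu_has_nx=True), "<-", line)
```
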

Thanks Arthur.

OK, so to confirm my understanding, we have DEP enabled, therefore PAE is automatically enabled too? How would DEP have been enabled? Would someone have modified the boot.ini file for example, or is DEP enabled by default? This KB (http://support.microsoft.com/kb/899298) indicates that DEP is enabled by default on Windows 2003 SP1 servers. Which would imply that PAE is enabled by default on most systems too?

As regards our application, I can see from that KB that DEP can be disabled for certain applications. If we disabled DEP for Finance1, would this also mean that the application is now aware of PAE, and therefore we were less likely to encounter whatever issues that the vendor seems to think we would encounter on a PAE-enabled server?

Finally, for my own curiosity, whilst we are waiting to hear more details from the vendor who is being a bit vague at the moment, do you know what sort of problems we would expect to see on applications that have problems with PAE? And is it common that apps do have issues with PAE, or is this quite a rarity?
September 16th, 2010 8:25am

Hi Joe,

To answer your questions: Yes, if DEP is enabled by default without modifying the boot.ini file, PAE is automatically enabled too.

I am afraid that disabling DEP for certain applications cannot disable PAE for these applications, because PAE is for the whole system.

In fact, this is the first time I have heard that some applications cannot work with PAE. I have no idea what problems you will encounter in such a situation. You’d better contact the software vendor for more information.

Regards,
September 19th, 2010 10:18pm
