@@echo off
Echo DEP OptOut Mode Script for Windows XP/Vista/2003/2008
Echo.
Echo David Graff
Echo Michigan State University Physical Plant
Echo <a href="/cgi-bin/wa?LOGON=A3%3Dind1002%26L%3DMSUNAG%26E%3D7bit%26P%3D52480%26B%3D--part-Hjuhy2l-AAofb1bApCB19aB-vYP5arBW7GzVWyjRC1R4Q%26T%3DTEXT%252FPLAIN%3B%2520name%3D%2522dep_enable.txt%2522%26N%3Ddep_enable.txt" target="_parent" >[log in to unmask]</a>
Echo 12/28/2009 v1.3
Echo.

Echo.
Echo Detecting Operating System:
ver | find "5.1.2600" > NUL && goto XP
ver | find "5.2.3790" > NUL && goto 2003
ver | find "6.0.600" > NUL && goto Vista_2008
ver | find "6.1.7" > NUL && goto Vista_2008
goto wrong_OS


:XP
:2003
Echo.
Echo Windows XP/2003 detected
Echo.
if not exist %homedrive%\boot.ini goto boot.ini_not_found
find /I "/NoExecute=OptOut" %homedrive%\boot.ini > NUL && goto DEP_on
find /I "/NoExecute=AlwaysOn" %homedrive%\boot.ini > NUL && goto DEP_on
Echo Updating boot.ini
Echo.
bootcfg /raw "/fastdetect /NoExecute=OptOut" /id 1 || goto admin_rights
Echo.
eventcreate /id 1 /l SYSTEM /so "Data Execution Prevention" /t INFORMATION /d "Data Execution Prevention policy successfully changed to Opt Out mode."
exit /b 0


:Vista_2008
Echo.
Echo Windows Vista/2008/7 detected
Echo.
bcdedit.exe > NUL || goto admin_rights
bcdedit.exe | find /I "OptOut" > NUL && goto DEP_on
bcdedit.exe | find /I "AlwaysOn" > NUL && goto DEP_on
Echo Enabling DEP OptOut mode.
bcdedit.exe /set nx OptOut > NUL || goto admin_rights
Echo.
eventcreate /id 10 /l SYSTEM /so "Data Execution Prevention" /t INFORMATION /d "Data Execution Prevention policy successfully changed to Opt Out mode."
exit /b 0


:wrong_OS
eventcreate /id 1 /l SYSTEM /so "Data Execution Prevention" /t WARNING /d "OS not supported. Data Execution Prevention cannot be enabled."
exit /b 1

:boot.ini_not_found
echo boot.ini file not found. Aborting script.
eventcreate /id 2 /l SYSTEM /so "Data Execution Prevention" /t ERROR /d "Boot.ini file not found. Data Execution Prevention policy cannot be set."
exit /b 2

:DEP_on
echo DEP already enabled.
eventcreate /id 10 /l SYSTEM /so "Data Execution Prevention" /t INFORMATION /d "Data Execution Prevention policy already set to OptOut or AlwaysOn."
exit /b 0

:admin_rights
echo Command failed. Verify that script was executed with admin rights.
echo Aborting script.
eventcreate /id 4 /l SYSTEM /so "Data Execution Prevention" /t ERROR /d "A general failure occured while attempting to change Data Execution Prevention policy. Make sure that the script was run with admin credentials."
exit /b 4