DEP — Set a Windows 2019 server to Essential Programs and Services only

Chris Utley
Jul 11, 2023

Here’s a sample script that sets Data Execution Prevention (DEP) on Windows Server 2019 to cover essential programs and services only.

# Check if running with administrator privileges
$isAdmin = ([Security.Principal.WindowsPrincipal] [Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole] "Administrator")

if (-not $isAdmin) {
    Write-Host "Please run this script with administrative privileges."
    exit 1
}

# Set DEP configuration to essential programs and services only (OptIn).
# The DEP policy is the "nx" boot option; the Memory Management registry
# values DisablePagingExecutive and LargeSystemCache do not control DEP.
bcdedit.exe /set "{current}" nx OptIn
if ($LASTEXITCODE -ne 0) {
    # bcdedit refuses this change when, for example, Secure Boot policy protects the value
    Write-Host "bcdedit could not set the DEP policy."
    exit 1
}

# Set Windows Defender sample-submission preferences.
# The root\SecurityCenter2 WMI namespace is not available on Windows Server,
# so check for the Defender registry key instead of querying AntiVirusProduct.
$spynetPath = "HKLM:\SOFTWARE\Microsoft\Windows Defender\Spynet"
if (Test-Path $spynetPath) {
    Set-ItemProperty -Path $spynetPath -Name "SubmitSamplesConsent" -Value 2
    Set-ItemProperty -Path $spynetPath -Name "SubmitSamplesImmediately" -Value 1
}

# Restart the server for the changes to take effect
Write-Host "The server needs to be restarted for the changes to take effect."
$confirm = Read-Host "Do you want to restart the server now? (Y/N)"

# -eq is case-insensitive in PowerShell, so this matches "Y" and "y"
if ($confirm -eq "Y") {
    Restart-Computer -Force
} else {
    Write-Host "Please restart the server manually to apply the changes."
}

Save the script in a file with a .ps1 extension (e.g., dep_config.ps1). To execute the script, open an elevated PowerShell window, navigate to the directory where you saved the script, and run the following command:

.\dep_config.ps1

Make sure to review and understand the script before executing it. It modifies the DEP policy and the Windows Defender sample-submission preferences. Restarting the server is required for the changes to take effect.
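To confirm the result after the restart, the following added example (not part of the original script) compares the effective DEP policy reported by Win32_OperatingSystem with the nx value configured in the boot entry. The function name Get-DepStatus and its default expected value of OptIn are assumptions made for this example.

```powershell
# Added example: report the effective and configured DEP policy.
# Run from an elevated PowerShell window; bcdedit needs elevation to read the boot entry.

# Values of Win32_OperatingSystem.DataExecutionPrevention_SupportPolicy
$policyNames = @{
    0 = 'AlwaysOff'   # DEP disabled for all processes
    1 = 'AlwaysOn'    # DEP enabled for all processes, no exceptions
    2 = 'OptIn'       # essential Windows programs and services only
    3 = 'OptOut'      # all programs except those explicitly excluded
}

function Get-DepStatus {
    param(
        # Policy the server is expected to run with (assumption: OptIn, as in the script above)
        [ValidateSet('AlwaysOff', 'AlwaysOn', 'OptIn', 'OptOut')]
        [string]$Expected = 'OptIn'
    )

    # Effective policy of the currently booted system
    $os = Get-CimInstance -ClassName Win32_OperatingSystem
    $effective = $policyNames[[int]$os.DataExecutionPrevention_SupportPolicy]

    # Policy configured in the current boot entry. It differs from the
    # effective policy until the server has been restarted. 'NotSet' means
    # no explicit nx value was found (or bcdedit could not be read).
    $configured = 'NotSet'
    foreach ($line in (& bcdedit.exe /enum '{current}')) {
        if ($line -match '^\s*nx\s+(\S+)') {
            $configured = $Matches[1]
            break
        }
    }

    [pscustomobject]@{
        HardwareDepAvailable = [bool]$os.DataExecutionPrevention_Available
        EffectivePolicy      = $effective
        ConfiguredPolicy     = $configured
        RebootPending        = ($configured -ne 'NotSet' -and $configured -ne $effective)
        MatchesExpected      = ($effective -eq $Expected)
    }
}

Get-DepStatus | Format-List
```

If RebootPending is True, the boot entry has been changed but the running system still uses the previous policy.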
