Jump to content
Welcome to our new Citrix community!
  • 0

DEP is off, but acting like it's on

Joe Robinson




I have an OS layer creating a while back (4.6ish).  I have a platform layer that is brand new with 4.11 using XenApp 7.18.  And an elastic layer that has been working fine for me, but now seems to be crashing to what has always translated to DEP being enabled. 


If I look at the MCS created VM from ELM, DEP is set to "Turn on DEP for Essential Windows and Programs Only".  This is the correct setting for this application to function.  If I query DEP through WMI, it shows a value of 2. 



C:\Windows\system32>wmic OS Get DataExecutionPrevention_SupportPolicy


According to the article I linked above, two is the correct value for DEP on for Essential Windows and Programs only.



Are there any issues with DEP and Applayering?    Any recommendations as to which layer DEP should be disabled in?  I have it disabled in the OS layer -- maybe it needs disabling in the Platform layer, too?  I'll continue testing, but I wanted to see if anyone had a definitive answer.

Link to comment

4 answers to this question

Recommended Posts

  • 1

I have never heard DEP mentioned before, so I doubt we're doing anything with it.  But if you want a setting to always win over any other layer, put it in the Platform Layer.  Give that a try and see if it persists.  If you put it in the Platform Layer and that value isn't what shows up in the published image, then either it's us somehow, or a GPO that's now changing it.

  • Like 1
Link to comment
  • 0

I'm still struggling with this issue, but I think I've got some more information.


I added a new version to the OS layer so I could see the status of DEP.  Using BCDEDIT, I could see the value of nx was AlwaysOff.  I canceled the OS layer as it was already the way I wanted it.


I added a new version of the Platform layer and again, BCDEDIT showed the value of nx as AlwaysOff.  I canceled the layer change as it was already configured the way I needed it.


I then published the template with this OS and platform layer.  I turned on the template VM and checked the state of DEP, and it appears to be correct -- it's set to AlwaysOff.


I updated my MCS catalog with this template and --- nx is set to OptIn.  So it looks like something is being done with MCS that is enabling DEP and breaking my app.  I'm going add a new version to the platform layer and downgrade the VDA to 7.17 to see if it resolves the problem.  If it does, I'll upgrade again and log a case if I see the same results.  Either way, I'll update this message just in case someone lands here on a search.








Link to comment

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Create New...