I believe that this software was first introduced to windows with Windows 2000 and used to default to "Turn on DEP for essential Windows programs and services only", but this has changed with Windows Vista Ultimate and Windows Server 2008. It is now defaulting to "Turn on DEP for all programs and services except those I select:", which can cause the installation of some applications to fail. Here is some text from the help file that describes how DEP works:
"DEP can help protect your computer by monitoring your programs to make sure that they use system memory safely. If DEP notices a program on your computer using memory incorrectly, it closes the program and notifies you."
Unfortunately, the DEP software does not always do this. It does not always inform you that it has taken action and closed a program, which can cause the application that you are running to fail for an unknown reason. I have never had a virus on any system that I am 100% in control of, so I decided to set it back to the old default setting and leave it there. At the very least, you can change the setting just to install the application that you are having trouble with and then set it back after it is installed. A reboot is required everytime the setting is changed.
If anyone has any additional feedback on this I'd like to hear your thoughts.
Well, it's been well over a year since I last rebuilt my workstation, so I decided to install Windows Server 2008 (WS2008) on it since more than 95% of the development that I do is based on IIS. I had toyed around with Vista Ultimate a few times, but never had any good results. Vista seems to work ok on machines with hardware designed specifically for it, but runs at 10-25% of normal speed on machines that aren't. Plus the whole UAC system pretty much makes Vista unusable for development purposes. You are probably asking why don't you just turn off UAC? That will be the topic of another post, but the bottom line is that UAC is so embedded into the system that this isn't an option and trying to override it becomes an impossible task to manage.
I was expecting the same when I installed WS2008, but I was totally surprised. There have been several improvements over Vista with many of the issues. Out of the box, WS2008 is very similar in look and feel to Windows Server 2003 (WS2003) and Windows XP as it doesn't have any of the nifty Vista visual components turned on. One of the first things that I did was to turn those visual components on. It will take a little bit of time to figure out everything that you need to do to do this, but once done you should have pretty much the same performance under WS2008 that you had under WS2003 or XP. PLUS! The UAC system is leaps and bounds better. At first I tried using it and then overriding it as I couldn't figure out how to make things work properly under it, but overriding UAC is no longer even an option as your system will become unusable if you do.
Both WS2008 and Vista make heavy use of Junction Points (soft links in UNIX based systems) that need to be preserved at all costs if you want your system(s) to run smoothly. You will most definitely want to leave the Folder Options / View / Hide protected operating system files setting in its default state of on, unless you want to see a bunch of folder links (Junction Points) in Windows Explorer. You may need to turn it off to perform certain tasks, but I recommend leaving on at all other times. If you are not familiar with the DIRCMD environement variable, I suggest that you become acquanted with it. I have mine defined in a domain group policy that sets it to "/ogne /a" to show all files and sort them when using DIR from a Command Prompt.
Also, you will definitely want to look into Folder Redirection as it has been greatly expanded in Vista and later. Microsoft has written a very good white paper entitled Managing Roaming User Data Deployment Guide that covers this. In fact, I have completely removed all roaming profiles in favor of using folder redirection by using this document. If you have a large exisiting domain it will take a while to smoothly transition over, but for small or new networks it's a breeze. There are still a few short commings in Windows Explorer and the MMC, but there are work-arounds for many of them and some of them just work differently. I can probably with another post of this as well.
If you plan of doing a similar installation, I recommend that you install everything that you can under the local Administrator account before installing applications that require domain resources and for you to be logged in under a domain account with administrative access to the machine. This will make your life much easier in the end as administrative accounts, other than the local Administrator account, have significantlly changed and do not have the full administrative rights that you are used to. Even the local Administrator account doesn't have the same access that previous versions of Windows (prior to Vista) had. DO NOT ATTEMPT TO CHANGE THIS! If you try to take ownership of system files and change their permissions to be able to change them, you will most likely run into issues down the road and may even make your system unusable.
Go ahead, explore, and have some fun. I did have to go through a second installation of WS2008 on the same machine as I did screw it up the first time, but that is the only way that you will figure out how you need to setup your system. In the end, I was able to install everything that I was using under WS2003 plus a few applications that wouldn't run or install under WS2003, so I'm very happy. I installed both VS2005 and VS2008 with the TFS Explorer Client, and both are running smoothly. Yes I know that VS2008 can compile VS2005 solutions once upgraded, but not everyone is running VS2008 and SQL Server 2005 automatically installs part of the VS2005 IDE, so it's a good idea to install VS2005 in whole. Just make sure that you have it fully installed before attempting to install anything for VS2008.
Take it easy,
Bill Bosacker
P.S. You may need to us "msconfig" from the Command Prompt to disable certain applications from running at startup, and this is where some of the exploring comes into play.