Deactivate Data Execution Prevention

  • Thread starter Thread starter arno
  • Start date Start date
A

arno

Guest
Hello,

I have a Win 2003 R2 SP3 Terminal Server, DC and Printserver is a Win2003
SBS.

The Terminal Server stops working because of some problems with the spooler
service. I would like to know if I can deactivate "Data Execution
Prevention" by setting it from "only neccessary windows programs and
services" to "all programs/services with exceptions" (sorry, translated from
german). I am not sure what services/programs are monitored before and after
the change. Also the result is not clear. Currently, our programs stop
responding until I start the spooler service, however, what will happen
after the change - bluescreens?

I know that the cause of the problem may be one of the locally used and
redirected printers in the TS sessions, however, I do not know which one
causes the troubel. And we have many printers, as there are 4 subsidiaries
with many printers connected to the TS. The events do not tell me which
printer caused the trouble, it just says that the spooler service had to be
stopped.

Is there a way to restart the service automatically when it was stopped by
the data execution prevention?

regards

arno
 
Re: Deactivate Data Execution Prevention

arno <nospam@invalid.net> wrote:
> Hello,
>
> I have a Win 2003 R2 SP3 Terminal Server, DC and Printserver is a
> Win2003 SBS.
>
> The Terminal Server stops working because of some problems with the
> spooler service. I would like to know if I can deactivate "Data
> Execution Prevention" by setting it from "only neccessary windows
> programs and services" to "all programs/services with exceptions"
> (sorry, translated from german). I am not sure what services/programs
> are monitored before and after the change. Also the result is not
> clear. Currently, our programs stop responding until I start the
> spooler service, however, what will happen after the change -
> bluescreens?
> I know that the cause of the problem may be one of the locally used
> and redirected printers in the TS sessions, however, I do not know
> which one causes the troubel. And we have many printers, as there are
> 4 subsidiaries with many printers connected to the TS. The events do
> not tell me which printer caused the trouble, it just says that the
> spooler service had to be stopped.
>
> Is there a way to restart the service automatically when it was
> stopped by the data execution prevention?
>
> regards
>
> arno



DEP is not the problem and won't help you here - and you've got to attack
the underlying cause, not the symptom. This is a bad printer driver, hands
down. Never install print drivers for your users (for redirection) - this
can lead to a very unstable terminal server. I'd uninstall all locally
installed print drivers and start over - check out
http://www.sessioncomputing.com/printing.htm and try posting in
microsoft.public.windows.terminal_services for the most expert help. You
have to be very careful with TS.

You can check out third party products for universal (or nearly so) printer
support - I'm a big fan of Tricerat's "Screwdriver" app. Works like a champ.
Not inexpensive, but worth it.
 
Re: Deactivate Data Execution Prevention

Hello,

> DEP is not the problem and won't help you here


I would like to understand what DEP is doing. Would the spooler crash cause
a bluescreen like it does with Win 2000?
KB 875352 on DEP says that it "helps prevent malicious code from running on
a system". So, I am in the lucky situation that my system does not get a BOD
because it thinks that a virus is attacking?

> This is a bad printer driver, hands down. Never install print drivers for
> your users (for redirection) - this can lead to a very unstable terminal
> server. > I'd uninstall all locally installed print drivers and start over


I know. So I have to turn off printer driver redirection on the TS because
the users must have their local printers for LOCAL use.

> - check out http://www.sessioncomputing.com/printing.htm and try posting
> in microsoft.public.windows.terminal_services for the most expert help.


ok.

> You can check out third party products for universal (or nearly so)
> printer support - I'm a big fan of Tricerat's "Screwdriver" app. Works
> like a champ. Not inexpensive, but worth it.


I'll have a look. Can you post an approx. price for on TS?

Thank you

arno
 
Re: Deactivate Data Execution Prevention

arno <nospam@invalid.net> wrote:
> Hello,
>
>> DEP is not the problem and won't help you here

>
> I would like to understand what DEP is doing. Would the spooler crash
> cause a bluescreen like it does with Win 2000?


No.

> KB 875352 on DEP says that it "helps prevent malicious code from
> running on a system". So, I am in the lucky situation that my system
> does not get a BOD because it thinks that a virus is attacking?


Um - not sure what you mean. You wouldn't get a BSOD because a service
stops. And DEP is not the thing stopping the service.
>
>> This is a bad printer driver, hands down. Never install print
>> drivers for your users (for redirection) - this can lead to a very
>> unstable terminal server. > I'd uninstall all locally installed
>> print drivers and start over

>
> I know. So I have to turn off printer driver redirection on the TS
> because the users must have their local printers for LOCAL use.


No, that isn't the problem....redirection itself is not the problem. The
problem is if you've installed any printer drivers for your users, on the TS
box, to *aid* their printer redirection,when the built-in stuff didn't work.
Never do that.
>
>> - check out http://www.sessioncomputing.com/printing.htm and try
>> posting in microsoft.public.windows.terminal_services for the most
>> expert help.

>
> ok.
>
>> You can check out third party products for universal (or nearly so)
>> printer support - I'm a big fan of Tricerat's "Screwdriver" app.
>> Works like a champ. Not inexpensive, but worth it.

>
> I'll have a look. Can you post an approx. price for on TS?


I'd check out www.tricerat.com - I think it was about $1k per server plus
annual maintenance. Well worth it. They're nice folks - easy to work with.
>
> Thank you
>
> arno
 
Re: Deactivate Data Execution Prevention

Hi again,


>> KB 875352 on DEP says that it "helps prevent malicious code from
>> running on a system". So, I am in the lucky situation that my system
>> does not get a BOD because it thinks that a virus is attacking?

>
> Um - not sure what you mean. You wouldn't get a BSOD because a service
> stops. And DEP is not the thing stopping the service.


DEP is stopping the service, that's what the message says when I log on the
console of the TS ("DEP, this program has been shut down for security
reasons, name: spooler sub system application")

> No, that isn't the problem....redirection itself is not the problem. The
> problem is if you've installed any printer drivers for your users, on the
> TS
> box, to *aid* their printer redirection,when the built-in stuff didn't
> work.
> Never do that.


It could be the new printer driver (for PDF, RTF, Excel output) that comes
with one of the applications on the TS. We will disable all printer
redirections (no redirected printer, no driver problem I hope) and see if we
still have problems. This is the only "new" driver we know of.

regards

arno
 
Re: Deactivate Data Execution Prevention


> It could be the new printer driver (for PDF, RTF, Excel output) that comes
> with one of the applications on the TS. We will disable all printer
> redirections (no redirected printer, no driver problem I hope) and see if
> we still have problems. This is the only "new" driver we know of.


Disabling all printer redirections on the TS stopped the problem. And
printing speed increased dramatically.

On the TS we turned printer redirection on again but disabled the feature on
all RDP clients except those that really need it. Additionally, we removed
all local installations of the PDF-printer (same printer as on the TS but
old and incompatible dirvers that came with the test version of the
software). The problem did not occur again.

So, Lanwench, you are suggesting to remove all printer drivers from the TS
as recommended in these articles:

http://support.microsoft.com/kb/260142/en-us

http://www.msterminalservices.org/articles/hunt-bad-printer-driver.html

I have to check with my Admin as I think that the drivers where installed on
the TS on purpose...

arno

PS:

These are the printer monitors:

BJ Language Monitor
Canon BJ Language Monitor PIXMA iP5000
CNAC4 Monitor
Local Port
LPR Port
LPR Port\Ports
Microsoft Document Imaging Writer Monitor
PJL Language Monitor
Standard TCP/IP Port
Standard TCP/IP Port\Ports
USB Monitor



These are the printers:

Amyuni Document Converter 2.50
Amyuni Document Converter 300
Apple Color LW 12/660 PS
Brother M-4318
Canon Bubble-Jet BJC-4550
Canon LBP5000
Canon PIXMA iP5000
DocuColor 240 PCL
DocuColor 240 PS
Epson LQ-1170 ESC/P 2
Epson LQ-1170 Scalable Font
Epson LQ-570+ ESC/P 2
Generic / Text Only
HP Color LaserJet 2500 PCL 6
HP Color LaserJet 4550 PS
HP Color LaserJet 4600 PCL 6
HP Color LaserJet 4600 PS
HP DeskJet 1600CM/PS
HP DeskJet 640C/642C/648C
HP DeskJet 840C/841C/842C/843C
HP DeskJet 950C/952C/959C
HP LaserJet 1100 (MS)
hp LaserJet 1320 PCL 6
HP LaserJet 2100 Series PS
HP LaserJet 2200 Series PCL
HP LaserJet 2200 Series PCL 6
HP LaserJet 2420 PCL 6
HP LaserJet 3300 Series PCL 6
HP LaserJet 4
HP LaserJet 4 Plus
HP LaserJet 4000 Series PCL
HP LaserJet 4000 Series PS
HP LaserJet 4350 PCL 6
HP LaserJet 4V
HP LaserJet 5
HP LaserJet 5L
HP LaserJet 5MP
HP LaserJet 5P
HP LaserJet 6P
HP LaserJet III
Kyocera Mita FS-1020D KX
Kyocera Mita KM-1530
LANIER 5635 PCL 6
Lexmark Optra E
Lexmark Optra E310 (MS)
Lexmark Optra Ep
Lexmark Optra Ep PS
Microsoft Office Document Image Writer Driver
NRG 4525/4508/4502 PCL 5e
NRG 4525/4508/4502 PCL 6
NRG 4525/4508/4502 PS
Tally T8024 PCL6
Xerox DocuPrint C55 PCL 5C
Xerox DocuPrint NC60
 
Back
Top