I'm having huge problems with DEP since my managed app uses an older activex dll. I am setting the nxcompat:no in post build, but the problems continue. I have read that the msi deployment project may be using an exe with the bit not set, despite my best efforts. Is there a way to read the header of an exe to see the state of the flag? So far I have not found a way to do this. I want to check what's actually being deployed on the users machine. What a mess.