Install a windows driver without the unsigned warning appearing
Solution 1
This is why you can't do that:
http://support.microsoft.com/kb/298503
It also suggests some workarounds; if your computers are in a domain, you can use a Group Policy setting to configure driver loading behaviour.
Solution 2
if you ever find the solution to that then you can sell it to virus/trojan authors. They love to know that as well. This would mean they can distribute malware without asking the user for permission. (That's why Microsoft introduced this feature. Don't hack Microsoft.)
Solution 3
For windows 7 this can be done (ref: http://www.killertechtips.com/2009/05/05/disable-driver-signing-windows-7/) from an Administrator command window using:
bcdedit.exe -set loadoptions DDISABLE_INTEGRITY_CHECKS
bcdedit.exe -set TESTSIGNING ON
Related videos on Youtube
user5305702
Currently working in C#, python, ruby and Haskell
Updated on September 18, 2022Comments
-
user5305702 over 1 year
I'm trying to create a batch install file and one of the tasks it does is install a 3rd party driver. This is unsigned and so pops up a warning and causes the rest of the script to fail on Windows XP Professional service pack 3.
I've tried the following:
reg add "HKCU\Software\Policies\Microsoft\Driver Signing" /v BehaviorOnFailedVerify /t reg_dword /d 00000000 /f REG ADD "HKEY_CURRENT_USER\Software\Microsoft\Driver Signing" /t REG_DWORD /v Policy /d 0 /f REG ADD "HKEY_LOCAL_MACHINE\Software\Microsoft\Driver Signing" /t REG_BINARY /v Policy /d 00 /f REG ADD "HKEY_LOCAL_MACHINE\Software\Microsoft\Non-Driver Signing" /t REG_BINARY /v Policy /d 00 /f REG ADD "HKEY_USERS\.DEFAULT\Software\Microsoft\Driver Signing" /t REG_DWORD /v Policy /d 0 /f
And none of these appear to change it. The script will have to be run on many machines so I can't do it the manual way. Does anyone know how this can be done?
-
jscott over 12 yearsIf you maintain a domain CA, you can issue yourself a cert and [re-]sign the drivers. As the CA should be trusted by all your clients, you should no longer see the prompt when installing.
-
user5305702 over 12 years@jscott, thanks we have a signing cert but it's the windows logo validation cert that it's looking for.
-
-
user1364702 over 12 yearsAs a side note, I've found that sometimes you have to hack away at some things to get applications to work properly... :-/
-
user5305702 over 12 years@mailq, thanks for your answer but this is not an attempt to undermine the security model in windows. Merely trying to find the best way to do it gptemplate etc.
-
sinping over 12 yearsAnd you have to reboot afterwards. You can do the same thing temporarily by pressing F8 to get the boot menu and booting with the requirements off. Then you can reboot again to re-enable them. You likely don't want to permanently disable the signing requirements.