Configuring Windows to Ignore Unsigned Device Drivers
Device drivers that meet the Designed for Windows 7 specifications have been tested for compatibility with Microsoft and are then given a digital signature. This signature tells you that the driver works properly with Windows and that it hasn’t been changed since it was tested. (For example, the driver hasn’t been infected by a virus or Trojan horse program.) When you’re installing a device, if Windows 7 comes across a driver that has not been digitally signed, it displays a dialog box similar to the one shown in Figure 3.
If you click Don’t Install This Driver Software, Windows aborts the driver installation, and you won’t be able to use the device. This is the most prudent choice in this situation because an unsigned driver can cause all kinds of havoc, including lock-ups, BSODs (blue screens of death), and other system instabilities. You should check the manufacturer’s website for an updated driver that’s compatible with your version of Windows, or you can upgrade to newer hardware that’s supported by your version of Windows.
However, although not installing an unsigned driver is the prudent choice, it’s not the most convenient choice because, in most cases, you probably want to use the device now rather than later. The truth is that most of the time these unsigned drivers cause no problems and work as advertised, so it’s probably safe to continue with the installation. In any case, Windows always sets a restore point prior to the installation of an unsigned driver, so you can always restore your system to its previous state should anything go wrong.
Note
Test your system thoroughly after installing the driver: Use the device, open and use your most common applications, and run some disk utilities. If anything seems awry, roll back the driver, as described in the previous section. If that doesn’t work, use the restore point to roll back the system to its previous configuration.
By default, Windows gives you the option of either continuing or aborting the installation of the unsigned driver. You can change this behavior to automatically accept or reject all unsigned drivers by following these steps:
1. In Windows 7, select Start, type gpedit.msc, and press Enter to launch the Local Group Policy Object Editor.
   Note
   If you’re running a version of Windows 7 that doesn’t come with the Group Policy Editor, I’ll show you a bit later how to perform this tweak using the Registry.
2. Open the User Configuration\Administrative Templates\System\Driver Installation branch.
3. Double-click the Code Signing for Device Drivers policy. Windows displays the Code Signing for Device Drivers Properties dialog box.
4. Click Enable.
5. Use the When Windows Detects a Driver File Without a Digital Signature list to select one of the following items (see Figure 4):
   - Ignore: Choose this option if you want Windows 7 to install all unsigned drivers.
   - Warn: Choose this option if you want Windows 7 to warn you about an unsigned driver by displaying the dialog box shown earlier in Figure 3.
   - Block: Choose this option if you do not want Windows 7 to install any unsigned drivers.
6. Click OK.
Tip
There are some device drivers that Windows 7 knows will cause system instabilities. Windows 7 will simply refuse to load these problematic drivers, no matter which action you choose in the Driver Signing Options dialog box. In this case, you’ll see a dialog box similar to the one in Figure 22.3, except this one tells you that the driver will not be installed, and your only choice is to cancel the installation.
If your version of Windows 7 doesn’t support the Local Group Policy Editor, follow these steps to set the driver signing options via the Registry:
1. Select Start, type regedit, press Enter, and then enter your User Account Control credentials. Windows 7 launches the Registry Editor.
2. Navigate to the following key:
   HKCU\Software\Policies\Microsoft\
3. If you don’t see a Windows NT key, select Edit, New, Key, type Windows NT, and click OK.
4. Select Edit, New, Key, type Driver Signing, and click OK.
5. Select Edit, New, DWORD, type BehaviorOnFailedVerify, and click OK.
6. Double-click the BehaviorOnFailedVerify setting to open it for editing.
7. Type one of the following values:
   - 1: (Ignore) Use this value if you want Windows 7 to install all unsigned drivers.
   - 2: (Warn) Use this value if you want Windows 7 to warn you about an unsigned driver by displaying the dialog box shown earlier in Figure 22.3.
   - 3: (Block) Use this value if you do not want Windows 7 to install any unsigned drivers.
8. Click OK.
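
To check a machine after changing this setting, the following PowerShell script (an added example, not part of the original text) prints the raw BehaviorOnFailedVerify value from the Registry key used in the steps above and lists the installed device drivers that Windows reports as unsigned. The function names are illustrative, and the script uses Get-WmiObject so that it runs on the PowerShell 2.0 that ships with Windows 7.

```powershell
# Added example: audit the driver-signing policy value and installed unsigned drivers.
# Function names below are hypothetical helpers, not part of Windows.

# Key and value name taken from the Registry steps above.
$policyKey  = 'HKCU:\Software\Policies\Microsoft\Windows NT\Driver Signing'
$policyName = 'BehaviorOnFailedVerify'

function Get-DriverSigningPolicy {
    # Returns the raw DWORD, or $null when the key or value does not exist.
    $item = Get-ItemProperty -Path $policyKey -Name $policyName -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return $item.$policyName
}

function Get-UnsignedPnpDriver {
    # Win32_PnPSignedDriver reports IsSigned and Signer for each Plug and Play device.
    # Entries with an empty InfName are devices with no driver installed, so skip them.
    Get-WmiObject -Class Win32_PnPSignedDriver |
        Where-Object { $_.InfName -and -not $_.IsSigned } |
        Select-Object DeviceName, Manufacturer, DriverVersion, InfName, Signer
}

$value = Get-DriverSigningPolicy
if ($null -eq $value) {
    Write-Output "$policyName is not set for this user."
} else {
    # The raw number is printed as stored; compare it with the value you typed in step 7.
    Write-Output "$policyName = $value"
}

$unsigned = @(Get-UnsignedPnpDriver)
Write-Output ("Unsigned drivers installed: {0}" -f $unsigned.Count)
$unsigned | Sort-Object DeviceName | Format-Table -AutoSize
```

Run it before and after installing a new device: any driver that appears only in the second listing is the one to roll back first if the system becomes unstable.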