
Windows Disable Windows 7 Driver signing

Discussion in 'Tech Support' started by Fantus, 6 Jun 2012.

  1. Fantus

    Fantus Nothing to see here...

    Joined:
    25 Jun 2010
    Posts:
    698
    Likes Received:
    41
    I'm looking for a way to disable the Driver Signing on Windows 7 so that we can deploy some drivers to machines over our network (Group Policy, etc.).
    The option is not there in Server 2008 R2 so we need a way to do it as a Script or Registry Key that can be managed from the Server.

    It can be done through Local Group Policy on each machine but I refuse to accept that it's the only way.
     
  2. Buzzons

    Buzzons Minimodder

    Joined:
    21 Jul 2005
    Posts:
    3,069
    Likes Received:
    41
    Why're you pushing out non signed drivers?
     
  3. Phalanx

    Phalanx Needs more dragons and stuff.

    Joined:
    28 Apr 2010
    Posts:
    3,712
    Likes Received:
    156
    You can’t permanently disable the use of signed drivers in the 64-bit version of Windows Server 2008. It’s possible to disable the use of signed drivers in the 32-bit version by making a change in the global policy, but R2 doesn't have the option.

    So it's Local GPO or no GPO I'm afraid. :)
     
  4. GoodBytes

    GoodBytes How many wifi's does it have?

    Joined:
    20 Jan 2007
    Posts:
    12,300
    Likes Received:
    710
    The best you can do for 64-bit Windows Server 2008 (and Vista and 7) is to boot the system with the driver signature disabled (press F4, where the option for Safe Mode is). The problem is that this is only ONCE. If you reboot to normal Windows, the drivers won't be loaded. And you CANNOT auto-boot into this disabled driver signature mode.
     
  5. thehippoz

    thehippoz What's a Dremel?

    Joined:
    19 Dec 2008
    Posts:
    5,780
    Likes Received:
    174
  6. Fantus

    Fantus Nothing to see here...

    Joined:
    25 Jun 2010
    Posts:
    698
    Likes Received:
    41
    Thanks for the replies guys. We do run some older 2008 servers so we can apply it from there. It's not ideal but it solves the problem :thumb:

    Crappy hardware comes with crappy drivers ;) The choice is most certainly out of our hands :grr:
     
  7. Zurechial

    Zurechial Elitist

    Joined:
    21 Mar 2007
    Posts:
    2,045
    Likes Received:
    99
  8. deathtaker27

    deathtaker27 Modder

    Joined:
    17 Apr 2010
    Posts:
    2,238
    Likes Received:
    186
    I'm sure we have one in work for this, in fact I'm positive we do. I will have a look tomorrow when I'm in if I get a chance to look into it.
     
  9. Fantus

    Fantus Nothing to see here...

    Joined:
    25 Jun 2010
    Posts:
    698
    Likes Received:
    41
    Don't suppose you got a chance to look?
     
  10. deathtaker27

    deathtaker27 Modder

    Joined:
    17 Apr 2010
    Posts:
    2,238
    Likes Received:
    186
    Nope but I will remote on from home in a bit
     
  11. JimmyTheTrumpet

    JimmyTheTrumpet What's a Dremel?

    Joined:
    7 Jun 2012
    Posts:
    14
    Likes Received:
    1
    Thought it was about time I registered for myself rather than having Fantus help me out posting (cheers mate :))

    Through some obscure Microsoft KBs I worked out the answer just before I left work. I'll post the answer for reference in a little while when I have collated the info. Pretty easy/obvious now I look back at it!
     
  12. Fantus

    Fantus Nothing to see here...

    Joined:
    25 Jun 2010
    Posts:
    698
    Likes Received:
    41
    I wondered when you would ;)
     
  13. JimmyTheTrumpet

    JimmyTheTrumpet What's a Dremel?

    Joined:
    7 Jun 2012
    Posts:
    14
    Likes Received:
    1
    Manage installation of unsigned device drivers from Win7 / 2008 / 2008 R2

    Here are the instructions to disable driver signing through group policy from a 2008/2008 R2 DC, or with local group policy on a Vista/7 machine.

    For those that are as impatient as I am, or already know what to do but just need pointing in the right direction, here is the one I made earlier:



    Summary
    The problem is that the option that used to exist for disabling driver signing in Windows XP on Server 2003 does not exist any more. It used to be found in Group Policy Editor under Computer Configuration | Windows Settings | Security Settings | Local Policies | Security Options | Devices: Unsigned driver installation behavior.



    Solution
    The solution to this is to manually edit the Security Template so that we can once again manage this setting. The template is stored here: c:\windows\inf\Sceregvl.inf


    Step 1: Backup
    First of all, back up the Sceregvl.inf file to a known location. Hopefully this bit goes without saying!


    Step 2: Gain access to the template
    To edit the template, we first need to get access to modify the file:

    • Log on to the computer as an administrator.
    • Make a backup copy of the c:\windows\inf\Sceregvl.inf file.
    • Take ownership of this file and give the Administrators group full access user rights. To do this, follow these steps:
      • Note This file is owned by the TrustedInstaller group. Therefore, the Administrators have only read-only access user rights.
      • Right-click the c:\windows\inf\Sceregvl.inf file, and then click Properties.
      • Click the Security tab.
      • Click Advanced.
      • Click the Owner tab.
      • Click Edit.
      • Under Change Owner to, click the Administrators group, and then click OK.
      • Click OK three times.
    • To give the Administrators group full access user rights to the file, follow these steps.
      • Note After you give the Administrators group full access user rights, you can edit and save changes to the file.
      • Right-click the c:\windows\inf\Sceregvl.inf file, and then click Properties.
      • Click the Security tab.
      • Click Edit.
      • Under Group or User names, click the Administrators group.
      • Under Permissions for Administrators, click to select the Allow check box for Full control, and then click OK.
      • Click OK to close the Sceregvl.inf Properties dialog box.


    Step 3: Add the driver signing setting

    Now we need to add in the line to be able to manage the driver signing preference.

    • Open and edit the c:\windows\inf\Sceregvl.inf file by using Notepad.
    • Add the following text to the [Register Registry Values] section:
      • MACHINE\Software\Microsoft\Driver Signing\Policy,3,"Devices: Unsigned driver installation behavior",3,0|"Silently succeed ",1|"Warn but allow installation",2|"Do not allow installation"
    • Save the changes.

    Now we need to re-register our template:

    • At a command prompt, type the following command: regsvr32 scecli.dll


    Step 4: Tidy up behind ourselves

    And last but not least, reset the permissions back how we found them:

    • Reset the file ownership and permissions for the c:\windows\inf\Sceregvl.inf file back to the default settings. To do this, follow these steps:
      • Right-click the c:\windows\inf\Sceregvl.inf file, and then click Properties.
      • Click the Security tab.
      • Click Advanced.
      • Click the Owner tab.
      • Click Edit.
      • Click Other users or groups.
      • Click Locations.
      • Under Locations, click your local computer name, and then click OK.
      • In the Select Users or Group window, type NT SERVICE\TrustedInstaller under Enter the object name to select, and then click OK.
      • In the Advanced Security Settings for Sceregvl.inf window, click the TrustedInstaller account under Change Owner to, and then click OK.
      • Click OK three times.
    • Reset the Administrators group access permissions for the c:\windows\inf\Sceregvl.inf file back to only Read & execute and Read. To do this, follow these steps:
      • Right-click the c:\windows\inf\Sceregvl.inf file, and then click Properties.
      • Click the Security tab.
      • Click Edit.
      • Under Group or User names, click the Administrators group.
      • Under Permissions for Administrators, click to clear all the check boxes except the Read & execute check box and the Read check box, and then click OK.
      • Click OK to close the Sceregvl.inf Properties dialog box.


    Step 5: Install those drivers!

    The option to manage device signing for the client machines should now be back where it always was: Computer Configuration | Windows Settings | Security Settings | Local Policies | Security Options | Devices: Unsigned driver installation behavior.



    References

     
    Zurechial likes this.
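
A read-only check of the end state of Steps 2 to 4 above, added here as an example and not part of the original post: it confirms that Sceregvl.inf is owned by TrustedInstaller again, that Administrators hold no write-level rights on it, that the Step 3 line is present, and it reports the value currently behind the setting. The function names are hypothetical, and it assumes the setting is stored as the value Policy under HKLM\SOFTWARE\Microsoft\Driver Signing, as the template line indicates.

```powershell
# Added example (not from the thread): read-only audit after Steps 2-4.
# Function names are hypothetical. Run from an elevated PowerShell prompt.
$Inf    = Join-Path $env:windir 'inf\Sceregvl.inf'
$RegKey = 'HKLM:\SOFTWARE\Microsoft\Driver Signing'
# Labels copied from the template line added in Step 3
$Labels = @{ 0 = 'Silently succeed'; 1 = 'Warn but allow installation'; 2 = 'Do not allow installation' }

function Test-SceTemplateState {
    param([string]$Path = $Inf)
    $acl = Get-Acl -Path $Path
    # Rights that would let an administrator modify the file or its ACL again
    $mask = [int][System.Security.AccessControl.FileSystemRights]'Write, Delete, ChangePermissions, TakeOwnership'
    $adminsCanWrite = $false
    # Ask for SIDs so the check does not depend on localized group names
    $rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])
    foreach ($rule in $rules) {
        # S-1-5-32-544 is the well-known SID of BUILTIN\Administrators
        if ($rule.IdentityReference.Value -eq 'S-1-5-32-544' -and
            $rule.AccessControlType -eq 'Allow' -and
            (([int]$rule.FileSystemRights) -band $mask)) { $adminsCanWrite = $true }
    }
    New-Object PSObject -Property @{
        OwnerRestored  = ($acl.Owner -eq 'NT SERVICE\TrustedInstaller')   # Step 4, first list
        AdminsReadOnly = (-not $adminsCanWrite)                           # Step 4, second list
        SettingInInf   = [bool](Select-String -Path $Path -SimpleMatch `
                             'MACHINE\Software\Microsoft\Driver Signing\Policy' -Quiet)
    }
}

function Get-DriverSigningPolicy {
    $p = Get-ItemProperty -Path $RegKey -Name Policy -ErrorAction SilentlyContinue
    if ($null -eq $p) { return 'not set' }
    # Type 3 in the template line is REG_BINARY; the first byte carries the choice
    $v = [int]@($p.Policy)[0]
    if ($Labels.ContainsKey($v)) { $Labels[$v] } else { "unknown ($v)" }
}

Test-SceTemplateState
"Current setting: $(Get-DriverSigningPolicy)"
```

If OwnerRestored or AdminsReadOnly comes back False, Step 4 was not completed on that machine and the template is still writable by administrators.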
