Allowing unattended installation of unsigned drivers ...

Dear all,

Does there exist a method or command line tool that allows one to turn off ( allow ) the installation of unsigned drivers without the user
prompt, and that subsequently restores the original setting after installation? Something that suppresses the user prompt and
simulates OK is all right too. I need this rather urgently, and can’t wait for the “signation” :-)

Thanks,

Christiaan

Christiaan Ghijselinck wrote:

> Dear all ,
>
> Does exists a method or command line tool that allows to turn off ( allow ) the installation of unsigned drivers without the user
> prompt , and that subsequently restores the original setting after installation ? Something that suppresses the user prompt and
> simulates OK is all right too . I need this rather urgently , and can’t wait for the “signation” :-)

Do you mean, without the user’s knowledge? Such a thing would make the
whole driver signing concept rather useless, wouldn’t it?

You can disable this on your own machine by bringing up the system
control panel, Hardware tab, and click Driver Signing.


Tim Roberts, xxxxx@probo.com
Providenza & Boekelheide, Inc.

> Do you mean, without the user’s knowledge? Such a thing would make the
> whole driver signing concept rather useless, wouldn’t it?
>
> You can disable this on your own machine by bringing up the system
> control panel, Hardware tab, and click Driver Signing.

Some people want to do an “unattended” driver installation, even from a remote central station on their LAN, but that obviously
contains an unsigned driver. Can you imagine going and clicking the “allow unsigned” button on about 120 PCs
:-)))

C.




Questions? First check the Kernel Driver FAQ at http://www.osronline.com/article.cfm?id=256

You are currently subscribed to ntdev as: xxxxx@compaqnet.be
To unsubscribe send a blank email to xxxxx@lists.osr.com

> ----------

From: xxxxx@lists.osr.com[SMTP:xxxxx@lists.osr.com] on behalf of Christiaan Ghijselinck[SMTP:xxxxx@CompaqNet.be]
Reply To: Windows System Software Devs Interest List
Sent: Friday, July 01, 2005 1:49 AM
To: Windows System Software Devs Interest List
Subject: Re: [ntdev] Allowing unattended installation of unsigned drivers …

> > You can disable this on your own machine by bringing up the system
> > control panel, Hardware tab, and click Driver Signing.
>
> Some people want to do an “unattended” driver installation , even from a remote central station on their LAN , but that obviously
> contains a unsigned driver . Can you imagine to go and click on about 120 PC’s the “allow unsigned”
> button :-)))

Try to capture registry activity during the above-mentioned manual change using RegMon. Once I needed it for similar reasons and it was a matter of one or two registry changes. If things didn’t change since then (w2k SP0 probably), you can write a simple app which changes the registry, installs the driver and restores the original values.

Best regards,

Michal Vodicka
UPEK, Inc.
[xxxxx@upek.com, http://www.upek.com]

> Try to capture registry activity during above mentioned manual change using RegMon. Once I needed it for similar reasons and it
> was matter of one or two registry changes. If things didn’t change since then (w2k SP0 probably), you can write a simple app which
> changes registry, installs driver and restores original values.

Thanks, but it doesn’t work anymore in Server2003. I have found these keys:

[HKEY_CURRENT_USER\Software\Microsoft\Driver Signing]
"Policy"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Driver Signing]
"Policy"=hex:00

When “Signing” is changed via System Properties \ Hardware, there is also a kind of “hashkey” written in ( IIRC )
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup]

When you change the “Policy” keys manually in the registry, at least the one in HKLM changes back to the original
value during the driver install run … probably after decrypting that hash key? Of course, the message box
pops up again

Christiaan


> ----------

From: xxxxx@lists.osr.com[SMTP:xxxxx@lists.osr.com] on behalf of Christiaan Ghijselinck[SMTP:xxxxx@CompaqNet.be]
Reply To: Windows System Software Devs Interest List
Sent: Friday, July 01, 2005 3:53 AM
To: Windows System Software Devs Interest List
Subject: Re: [ntdev] Allowing unattended installation of unsigned drivers …

> When you change the “Policy” keys manually in the registry , at least the one in HKLM changes back to the original
> value during the driver install run … probably after decrypting that hash key ? Of course , the message box
> pops up again

Well, it is by design: http://support.microsoft.com/?kbid=298503&sd=RMVP (found article using registry names :). There are alternative ways described there which might help in your case.

Best regards,

Michal Vodicka
UPEK, Inc.
[xxxxx@upek.com, http://www.upek.com]

You may roll your own simple command line installer: all you need is to
call OpenSCManager/CreateService/CloseServiceHandle.

For legacy drivers that is all you need: for other types of drivers you
may have to set other params in the registry yourself.

Cheers,

Marco

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Christiaan
Ghijselinck
Sent: Friday, July 01, 2005 1:27 AM
To: Windows System Software Devs Interest List
Subject: [ntdev] Allowing unattended installation of unsigned drivers

> Dear all ,
>
> Does exists a method or command line tool that allows to turn off (
> allow ) the installation of unsigned drivers without the user prompt ,
> and that subsequently restores the original setting after installation ?
> Something that suppresses the user prompt and
> simulates OK is all right too . I need this rather urgently , and
> can’t wait for the “signation” :-)
>
> Thanks ,
>
> Christiaan



For Server 2003 drivers you can do this by acquiring an Authenticode
certificate and applying it to your install package. This will not work for
XP however. Check Verisign or other such certificate providers.


The personal opinion of
Gary G. Little


Wouldn’t it be easier to get a test signature for your driver and
install the base test certificate on the machines where you want to load
the driver? It takes almost 0 time to test-sign a driver.

…/ray..


> Wouldn’t it be easier to get a test signature for your driver and
> install the base test certificate on the machines where you want to load
> the driver? It takes almost 0 time to test-sign a driver.
>
> …/ray..

Yes, but as “Gary” stated:

>>For Server 2003 drivers you can do this by acquiring an Authenticode
>>certificate and applying it to your install package. This will not work for
>>XP however. Check Verisign or other such certificate providers.
>>–
>>The personal opinion of
>>Gary G. Little

… this works only on Server2003. Does anyone know if this will become
available in XP ( SP’s ) and become/is available in Longhorn?

Christiaan


If you are trying to “turn off” unsigned driver warnings in order to
install some software that doesn’t have a signature across your
enterprise, use the domain policy to allow it, although you might question
your vendor about why it’s unsigned, such as there is no WHQL category for
that class of driver or something like that.

If you are trying to do this so you can ship your unfinished product,
don’t. Finish it right, then ship it.

Phil

Philip D. Barila
Seagate Technology LLC
(720) 684-1842

“Christiaan Ghijselinck”
Sent by: xxxxx@lists.osr.com
No Phone Info Available
07/02/2005 07:34 AM
Please respond to
“Windows System Software Devs Interest List”

To
“Windows System Software Devs Interest List”
cc

Subject
Re: Re:[ntdev] Allowing unattended installation of unsigned drivers …

> Wouldn’t it be easier to get a test signature for your driver and
> install the base test certificate on the machines where you want to load
> the driver? It takes almost 0 time to test-sign a driver.
> –
> …/ray..

Yes, but as “Gary” stated:

>>>For Server 2003 drivers you can do this by acquiring an Authenticode
>>>certificate and applying it to your install package. This will not work for
>>>XP however. Check Verisign or other such certificate providers.
>>>–
>>>The personal opinion of
>>>Gary G. Little

… this works only on Server2003 . Does anyone knows if this will become
available in XP ( SP’s ) and become/is available in Longhorn ?

Christiaan


> If you are trying to “turn off” unsigned driver warnings in order to install some software that doesn’t have a signature across
> your enterprise, use the domain policy to allow it,

Correct, but the domain policy and the settings within Device Manager for “Signing” are OR-ed. If one sets the Domain Policy to
“allow unsigned”, the OS will still prompt if the user left ( or has set ) the default “Prompt” value.

Btw.: On a particular XP system, I get this during normal operation ( setupapi.log ):

#E360 An unsigned or incorrectly signed file "D:\WINDOWS\system32\xxxxxxx" for driver "xxxxxxxxx" will be installed (Policy=Ignore). Error 0x800b0100: No signature was present in the subject.

And in fact there is NO prompt during installation of the driver, although domain policy and the “Driver Signing Options” accessed
via Device Manager are set to “Warn”. Any ideas how to bring this situation back to normal?

Christiaan

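The #E360 line quoted from setupapi.log above is also what an administrator can scan for to find machines where an unsigned driver went in under a weaker policy than the one configured. The following is an added example, not part of the original thread: a Python parser run over constructed sample log lines; the section-header layout, the sample paths and the expected_policy baseline are assumptions.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Assumed layout of a setupapi.log section header: "[YYYY/MM/DD hh:mm:ss pid.n title]".
SECTION_RE = re.compile(r"^\[(\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) [^\]]*\]")

# Quoted field; accepts straight quotes and the typographic quotes that
# appear when a log line has been pasted through mail or web software.
QUOTED = r'["“]([^"”]+)["”]'

# Shape of the unsigned-file message quoted in the thread.
UNSIGNED_RE = re.compile(
    r"^#([A-Z]\d{3}) An unsigned or incorrectly signed file " + QUOTED
    + r" for driver " + QUOTED
    + r" (.+?) \(Policy=(\w+)[^)]*\)\.(?: Error (0x[0-9A-Fa-f]+):)?"
)

# The three driver-signing settings, weakest first.
STRICTNESS = {"Ignore": 0, "Warn": 1, "Block": 2}

# Constructed sample log; only the #E360 line shape comes from the thread.
SAMPLE_LOG = r"""
[2005/07/04 09:12:01 1432.3 Driver Install]
#-019 Searching for hardware ID(s): root\sample
#E360 An unsigned or incorrectly signed file "D:\WINDOWS\system32\drivers\sample1.sys" for driver "Sample Device One" will be installed (Policy=Ignore). Error 0x800b0100: No signature was present in the subject.
[2005/07/04 09:40:17 1432.9 Driver Install]
#E360 An unsigned or incorrectly signed file "D:\WINDOWS\system32\drivers\sample2.sys" for driver "Sample Device Two" will be installed (Policy=Warn). Error 0x800b0100: No signature was present in the subject.
[2005/07/04 10:02:44 1432.12 Driver Install]
#-019 Searching for hardware ID(s): root\other
"""


@dataclass
class UnsignedInstall:
    timestamp: Optional[str]  # from the enclosing section header, if any
    code: str                 # message code, e.g. "E360"
    file: str
    driver: str
    action: str               # e.g. "will be installed"
    policy: str               # policy SetupAPI says it applied
    error: Optional[str]


def find_unsigned_installs(log_text: str) -> List[UnsignedInstall]:
    """Return every unsigned-file message, tagged with its section timestamp."""
    events = []
    timestamp = None
    for raw in log_text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            timestamp = header.group(1)
            continue
        m = UNSIGNED_RE.match(line)
        if m:
            code, path, driver, action, policy, error = m.groups()
            events.append(
                UnsignedInstall(timestamp, code, path, driver, action, policy, error)
            )
    return events


def policy_violations(events, expected_policy="Warn"):
    """Events whose applied policy is weaker than the configured baseline.

    An unrecognised policy name is reported as well, so it gets looked at.
    """
    floor = STRICTNESS[expected_policy]
    return [e for e in events if STRICTNESS.get(e.policy, -1) < floor]


if __name__ == "__main__":
    for e in policy_violations(find_unsigned_installs(SAMPLE_LOG), "Warn"):
        print(f"{e.timestamp}  {e.driver}: {e.file} (Policy={e.policy}, {e.error})")
```

With the baseline set to "Warn", only the Policy=Ignore entry is reported, which is the mismatch described in the message above.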

Some production software overflows the concept of “signing”. And the requirements for signing are far too encompassing anyway, so, I take the opposite viewpoint: unless I need my software to be signed - emphasis on the *need* - my attitude is, why bother ? It’s a big drain in manpower, it extends the product cycle by a significant amount and it may cause the product to miss a marketing window.

Alberto.

----- Original Message -----
From: Christiaan Ghijselinck
To: Windows System Software Devs Interest List
Sent: Monday, July 04, 2005 2:54 AM
Subject: Re: [ntdev] Allowing unattended installation of unsigned drivers …

> If you are trying to “turn off” unsigned driver warnings in order to install some software that doesn’t have a signature across your enterprise, use the domain policy to allow it,

Correct , but the domain policy and the settings within Device Manager for “Signing” are OR-ed . If one sets the Domain Policy to “allow unsigned” , the OS will still prompt if the user left ( or has set ) the default “Prompt” value .

Btw.: On a particular XP system, I get this during normal operation ( setupapi.log ) :

#E360 An unsigned or incorrectly signed file "D:\WINDOWS\system32\xxxxxxx" for driver "xxxxxxxxx" will be installed (Policy=Ignore). Error 0x800b0100: No signature was present in the subject.

And in fact there is NO prompt during installation of the driver , although domain policy and the “Driver Signing Options” accessed via Device Manager are set to “Warn” . Any ideas how to bring this situation back to normal ?

Christiaan


I believe that Longhorn is leading the way on this. You will be able to
apply an Authenticode certificate.

The personal opinion of
Gary G. Little


Every time I install hardware and the driver is unsigned I think ‘here is a
company that cannot even be bothered to get their drivers signed’. Signing
is no guarantee of quality, but lack of a signature is a pretty good
indicator of a company that just doesn’t care much about quality.

=====================
Mark Roddy DDK MVP
Windows 2003/XP/2000 Consulting
Hollis Technology Solutions 603-321-1032
www.hollistech.com


From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Alberto Moreira
Sent: Monday, July 04, 2005 10:17 AM
To: Windows System Software Devs Interest List
Subject: Re: [ntdev] Allowing unattended installation of unsigned drivers

Some production software overflows the concept of “signing”. And the
requirements for signing are far too encompassing anyway, so, I take the
opposite viewpoint: unless I need my software to be signed - emphasis on the
*need* - my attitude is, why bother ? It’s a big drain in manpower, it
extends the product cycle by a significant amount and it may cause the
product to miss a marketing window.

Alberto.


On Mon, 4 Jul 2005 10:35:51 -0400, Mark Roddy wrote:

> Every time I install hardware and the driver is unsigned I think ‘here is a
> company that cannot even be bothered to get their drivers signed’. Signing
> is no guarantee of quality, but lack of a signature is a pretty good
> indicator of a company that just doesn’t care much about quality.

… or of a company that has built quality control into their own
infrastructure instead of supporting this particular M$ revenue stream.

Some companies have their own quality mechanisms. Some products do not fit the current signing track. My own experience is that whql is a costly, lengthy, resource-wasting process; if I look back, whql has been a money sink with little or no return. Worse, we had to spend a lot of time, money and energy adding bells and whistles that we wouldn’t have bothered with, just to pass whql and keep some mouths shut. Good Lord, how much time did I waste looking for a 1% difference in one pixel in a large texture map, or bothering to render by software instead of by hardware because there was a half-pixel deviation between my triangle and what they wanted - even though the OpenGL spec itself allowed me the leeway ? Having to coax my chip and my pipeline to render exactly the same as the Microsoft OpenGL implementation ?

Thanks but no, thanks. I pass.

But that said, let me throw in a suggestion. How about a Microsoft-independent way of certifying software quality ? A mechanism that concentrates on real quality ? a design-independent mechanism ? A mechanism that respects established industrywide standards achieved by multilateral agreement ? A mechanism that does not rely on compliance with party-line tenets ? An objective, unbiased mechanism, that establishes clear objectives to be attained with and only with the product’s executable and no other strings attached ? A mechanism established by a wide consensus ? A mechanism that’s portable across platforms and across operating systems ?

Hey, I’d be fully supportive of it.

Alberto.

----- Original Message -----
From: Mark Roddy
To: Windows System Software Devs Interest List
Sent: Monday, July 04, 2005 10:35 AM
Subject: RE: [ntdev] Allowing unattended installation of unsigned drivers …

Everytime I install hardware and the driver is unsigned I think ‘here is a comapny that cannot even be bothered to get their drivers signed’. Signing is no guarantee of quality, but lack of a signature is a pretty good indicator of a company that just doesn’t care much about quality.

=====================
Mark Roddy DDK MVP
Windows 2003/XP/2000 Consulting
Hollis Technology Solutions 603-321-1032
www.hollistech.com


From: xxxxx@lists.osr.com [mailto:xxxxx@lists.osr.com] On Behalf Of Alberto Moreira
Sent: Monday, July 04, 2005 10:17 AM
To: Windows System Software Devs Interest List
Subject: Re: [ntdev] Allowing unattended installation of unsigned drivers …

Some production software overflows the concept of “signing”. And the requirements for signing are far too encompassing anyway, so, I take the opposite viewpoint: unless I need my software to be signed - emphasis on the *need* - my attitude is, why bother ? It’s a big drain in manpower, it extends the product cycle by a significant amount and it may cause the product to miss a marketing window.

Alberto.

----- Original Message -----
From: Christiaan Ghijselinck
To: Windows System Software Devs Interest List
Sent: Monday, July 04, 2005 2:54 AM
Subject: Re: [ntdev] Allowing unattended installation of unsigned drivers …

If you are trying to “turn off” unsigned driver warnings in order to install some software that doesn’t have a signature across your enterprise, use the domain policy to allow it,

Correct , but the domain policy and the settings within Device Manager for “Signing” are OR-ed . If one sets te Domain Policy to “allow unsigned” , the OS will still prompt if the user left ( or has set ) the default “Prompt” value .

Btw.: On a particular XP system, I get this during normal operation ( setupapi.log ) :

#E360 An unsigned or incorrectly signed file “D:\WINDOWS\system32\xxxxxxx” for driver “xxxxxxxxx” will be installed (Policy=Ignore). Error 0x800b0100: No signature was present in the subject.

And in fact there is NO prompt during installation of the driver , although domain policy and the “Driver Signing Options” accessed via Device Manager are set to “Warn” . Any ideas how to bring this situation back to normal ?

Christiaan

although you might question your vendor about why it’s unsigned, such as there is no WHQL category for that class of driver or something like that.

If you are trying to do this so you can ship your unfinished product, don’t. Finish it right, then ship it.

Phil

Philip D. Barila
Seagate Technology LLC
(720) 684-1842

From: “Christiaan Ghijselinck”
Sent by: xxxxx@lists.osr.com
Sent: 07/02/2005 07:34 AM
Please respond to: “Windows System Software Devs Interest List”
To: “Windows System Software Devs Interest List”
Subject: Re: Re:[ntdev] Allowing unattended installation of unsigned drivers …

> Wouldn’t it be easier to get a test signature for your driver and
> install the base test certificate on the machines where you want to load
> the driver? It takes almost 0 time to test-sign a driver.
> –
> …/ray..

Yes, but as “Gary” stated "

>>>For Server 2003 drivers you can do this by acquiring an Authenticode
>>>certificate and applying it to your install package. This will not work for
>>>XP however. Check Verisign or other such certificate providers.
>>>–
>>>The personal opinion of
>>>Gary G. Little

… this works only on Server2003 . Does anyone know if this will become
available in XP ( SP’s ) and become/is available in Longhorn ?

Christiaan

>
> Christiaan Ghijselinck wrote:
> > Dear all ,
> >
> > Does exists a method or command line tool that allows to turn off ( allow ) the installation of unsigned drivers without the user
> > prompt , and that subsequently restores the original setting after installation ? Something that suppresses the user prompt and
> > simulates OK is all right too . I need this rather urgently , and can’t wait for the “signation” :slight_smile:
> >
> > Thanks ,
> >
> > Christiaan


Questions? First check the Kernel Driver FAQ at http://www.osronline.com/article.cfm?id=256

You are currently subscribed to ntdev as: xxxxx@seagate.com
To unsubscribe send a blank email to xxxxx@lists.osr.com

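An added example, not part of the thread or any poster's code: a Python check for the situation in the quoted setupapi.log excerpt, where an unsigned driver is installed under `Policy=Ignore` although the configured setting is “Warn”. Only the `#E360` line shape comes from the thread; the section-header timestamp format, the `Warn`/`Block` log values and the sample lines are assumptions constructed for illustration.

```python
import re
from dataclasses import dataclass

# Driver signing policies, weakest first (assumed to appear in the log as named here).
STRICTNESS = {"Ignore": 0, "Warn": 1, "Block": 2}

QUOTE = '"\u201c\u201d'  # straight or typographic quotes (archived copies vary)
# Assumed section-header shape: [YYYY/MM/DD hh:mm:ss <ids> <section name>]
SECTION = re.compile(r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) [^\]]*\]")
E360 = re.compile(
    rf"#E360 An unsigned or incorrectly signed file [{QUOTE}](?P<file>[^{QUOTE}]+)[{QUOTE}] "
    rf"for driver [{QUOTE}](?P<driver>[^{QUOTE}]+)[{QUOTE}] will be installed "
    rf"\(Policy=(?P<policy>\w+)\)"
)

@dataclass
class Finding:
    timestamp: str   # from the enclosing section header, "" if none was seen
    driver: str
    file: str
    effective: str   # policy setupapi actually applied
    configured: str  # policy the administrator believes is set

def find_policy_mismatches(log_text, configured="Warn"):
    """Return unsigned-driver installs where the applied policy was weaker
    than the configured one, or was not a known policy value."""
    findings, timestamp = [], ""
    for line in log_text.splitlines():
        section = SECTION.match(line)
        if section:
            timestamp = section.group("ts")
            continue
        m = E360.search(line)
        if not m:
            continue
        applied = STRICTNESS.get(m.group("policy"))
        if applied is None or applied < STRICTNESS[configured]:
            findings.append(Finding(timestamp, m.group("driver"), m.group("file"),
                                    m.group("policy"), configured))
    return findings

# Constructed sample (not from a real machine); file and driver names are placeholders.
SAMPLE_LOG = """\
[2005/07/04 09:12:33 1234.5 Driver Install]
#E360 An unsigned or incorrectly signed file "D:\\WINDOWS\\system32\\example1.sys" for driver "Example Device A" will be installed (Policy=Warn). Error 0x800b0100: No signature was present in the subject.
[2005/07/04 09:40:02 1234.9 Driver Install]
#E360 An unsigned or incorrectly signed file “D:\\WINDOWS\\system32\\example2.sys” for driver “Example Device B” will be installed (Policy=Ignore). Error 0x800b0100: No signature was present in the subject.
"""

if __name__ == "__main__":
    for f in find_policy_mismatches(SAMPLE_LOG):
        print(f"{f.timestamp} {f.driver}: applied {f.effective}, configured {f.configured}")
```

Run across a fleet, a finding means the machine's effective signing policy no longer matches what Group Policy or the Driver Signing Options dialog claims, which is the condition to investigate before trusting further installs on it.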

Yeah, at $200 a pop this is a huge revenue stream. I’ve encountered a few
companies that claim their quality control is outstanding and Microsoft
testing is worthless or wrong. Seems like any driver I get from them is
crap, with memory leaks and other stupidities.

The claim that it takes a lot of time and effort causing missed windows
is stupid also. Yes there are cases where if something is unique you will
get nailed because of the tests. But most devices if they work properly
should pass the testing relatively easily and after the first submission
this is a no brainer. Microsoft has gotten their turnaround for submissions
down to a day or two so this is not going to miss a marketing window.

Don Burn (MVP, Windows DDK)
Windows 2k/XP/2k3 Filesystem and Driver Consulting
Remove StopSpam from the email to reply

----- Original Message -----
From: “BobF”
Newsgroups: ntdev
To: “Windows System Software Devs Interest List”
Sent: Monday, July 04, 2005 10:59 AM
Subject: Re:[ntdev] Allowing unattended installation of unsigned drivers …

> On Mon, 4 Jul 2005 10:35:51 -0400, Mark Roddy wrote:
>
>> Every time I install hardware and the driver is unsigned I think ‘here is
>> a company that cannot even be bothered to get their drivers signed’.
>> Signing is no guarantee of quality, but lack of a signature is a pretty good
>> indicator of a company that just doesn’t care much about quality.
>>
> … or of a company that has built quality control into their own
> infrastructure instead of supporting this particular M$ revenue stream.

If a company has built quality control into their product then the WHQL test
ought to be trivial. My completely subjective experience is that, in
general, the lack of a signed driver correlates with shitty quality.

Like I said originally, WHQL doesn’t guarantee quality, but lack of WHQL
qualification seems to correlate with lack of quality.

=====================
Mark Roddy DDK MVP
Windows 2003/XP/2000 Consulting
Hollis Technology Solutions 603-321-1032
www.hollistech.com

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Don Burn
Sent: Monday, July 04, 2005 12:42 PM
To: Windows System Software Devs Interest List
Subject: Re: Re:[ntdev] Allowing unattended installation of
unsigned drivers …

Yeah, at $200 a pop this is a huge revenue stream. I’ve
encountered a few companies that claim their quality control
is outstanding and Microsoft testing is worthless or wrong.
Seems like any driver I get from them is crap, with memory
leaks and other stupidities.

The claim that it takes a lot of time and effort causing
missed windows is stupid also. Yes there are cases where if
something is unique you will get nailed because of the tests.
But most devices if they work properly should pass the
testing relatively easily and after the first submission this
is a no brainer. Microsoft has gotten their turnaround for
submissions down to a day or two so this is not going to miss
a marketing window.

Don Burn (MVP, Windows DDK)
Windows 2k/XP/2k3 Filesystem and Driver Consulting Remove
StopSpam from the email to reply

----- Original Message -----
From: “BobF”
> Newsgroups: ntdev
> To: “Windows System Software Devs Interest List”
> Sent: Monday, July 04, 2005 10:59 AM
> Subject: Re:[ntdev] Allowing unattended installation of
> unsigned drivers …
>
>
> > On Mon, 4 Jul 2005 10:35:51 -0400, Mark Roddy wrote:
> >
> >> Every time I install hardware and the driver is unsigned I think ‘here is
> >> a company that cannot even be bothered to get their drivers signed’.
> >> Signing is no guarantee of quality, but lack of a signature is a pretty good
> >> indicator of a company that just doesn’t care much about quality.
> >>
> > … or of a company that has built quality control into their own
> > infrastructure instead of supporting this particular M$ revenue stream.

WHQL does not prove quality. WHQL provides no assurance, at all, that the driver you are about to install on your hardware will work in your hardware. It never has and it probably never will. Quality is in the purview of the authoring agency. Therefore, any argument as to quality provided by WHQL is spurious.

What it does do, is sign the driver with a certificate that provides a strong degree of certainty that the driver being installed is authentic, and not the proverbial wolf in sheep’s clothing. At the 2002 and 2003 DevCon I heard over and over again that if software was not signed that software would not be installed. It was not a quality issue, it was a security issue. The certificated package provided proof that the software was authentic. To refuse to provide that proof of authenticity to a customer is, as Don would say, stupid, and as I would say, shows ignorance of what WHQL provides.

Server 2003 and Longhorn will allow an Authenticode signature to prove authenticity. I personally think that should be extended to the next service pack for XP and 2000. I certainly don’t mind proving that the package I just delivered really is from me.


The personal opinion of
Gary G. Little
“Alberto Moreira” wrote in message news:xxxxx@ntdev…
Some companies have their own quality mechanisms. Some products do not fit the current signing track. My own experience is that whql is a costly, lengthy, resource-wasting process; if I look back, whql has been a money sink with little or no return. Worse, we had to spend a lot of time, money and energy adding bells and whistles that we wouldn’t have bothered with, just to pass whql and keep some mouths shut. Good Lord, how much time did I waste looking for a 1% difference in one pixel in a large texture map, or bothering to render by software instead of by hardware because there was a half-pixel deviation between my triangle and what they wanted - even though the OpenGL spec itself allowed me the leeway ? Having to coax my chip and my pipeline to render exactly the same as the Microsoft OpenGL implementation ?

Thanks but no, thanks. I pass.

But that said, let me throw in a suggestion. How about a Microsoft-independent way of certifying software quality ? A mechanism that concentrates on real quality ? a design-independent mechanism ? A mechanism that respects established industrywide standards achieved by multilateral agreement ? A mechanism that does not rely on compliance with party-line tenets ? An objective, unbiased mechanism, that establishes clear objectives to be attained with and only with the product’s executable and no other strings attached ? A mechanism established by a wide consensus ? A mechanism that’s portable across platforms and across operating systems ?

Hey, I’d be fully supportive of it.

Alberto.

----- Original Message -----
From: Mark Roddy
To: Windows System Software Devs Interest List
Sent: Monday, July 04, 2005 10:35 AM
Subject: RE: [ntdev] Allowing unattended installation of unsigned drivers …

Every time I install hardware and the driver is unsigned I think ‘here is a company that cannot even be bothered to get their drivers signed’. Signing is no guarantee of quality, but lack of a signature is a pretty good indicator of a company that just doesn’t care much about quality.

=====================
Mark Roddy DDK MVP
Windows 2003/XP/2000 Consulting
Hollis Technology Solutions 603-321-1032
www.hollistech.com

--------------------------------------------------------------------------
From: xxxxx@lists.osr.com [mailto:xxxxx@lists.osr.com] On Behalf Of Alberto Moreira
Sent: Monday, July 04, 2005 10:17 AM
To: Windows System Software Devs Interest List
Subject: Re: [ntdev] Allowing unattended installation of unsigned drivers …

Some production software overflows the concept of “signing”. And the requirements for signing are far too encompassing anyway, so, I take the opposite viewpoint: unless I need my software to be signed - emphasis on the need - my attitude is, why bother ? It’s a big drain in manpower, it extends the product cycle by a significant amount and it may cause the product to miss a marketing window.

Alberto.
