Hi,
I developed a windows driver, and test signed it based on document provided by microsoft, http://www.microsoft.com/whdc/winlogo/drvsign/kmcs_walkthrough.mspx, the test certificate is valid and has been installed in the Trust Root Certification Authorities certificate store and Trusted Publishers certificate store, all binary file of the driver can be verified by Signtool successfully.
In Server2008_X64 and Vista_X64, it works fine, but in Server2003 and XP, when i install the test signed driver, new hardware wizard always pops up, i heard that a signed driver can stop it. what i want to know is: can a test signed driver stop the new hardware wizard?
any help is appreciated.
This is all a guess at best:
I have no idea of whether this is the problem or not, but there are a number of settings in group
policy that can influence the behavior of installations, including some that control behavior based
on whether something is signed by msft or someone else; exactly what they might mean for a ‘test
signed’ image, I really don’t know, except that it would at least be a non-msft signed image. Most
of these settings can be found under ‘Administrative Templates/Windows Installer’ and
‘Administrative Templates/Windows Update,’ both in the machine policy settings and in the user
policy settings.
Why do you care about this at all?
mm
xxxxx@oracle.com wrote:
Hi,
I developed a windows driver, and test signed it based on document provided by microsoft, http://www.microsoft.com/whdc/winlogo/drvsign/kmcs_walkthrough.mspx, the test certificate is valid and has been installed in the Trust Root Certification Authorities certificate store and Trusted Publishers certificate store, all binary file of the driver can be verified by Signtool successfully.
In Server2008_X64 and Vista_X64, it works fine, but in Server2003 and XP, when i install the test signed driver, new hardware wizard always pops up, i heard that a signed driver can stop it. what i want to know is: can a test signed driver stop the new hardware wizard?
any help is appreciated.
I develop a installer for this windows driver which install driver
automatically, but new hardware wizard always pop up, user must click
cancel every time, meanwhile i can not change policy setting on user’s
machine.
Martin O’Brien wrote:
This is all a guess at best:
I have no idea of whether this is the problem or not, but there are a
number of settings in group policy that can influence the behavior of
installations, including some that control behavior based on whether
something is signed by msft or someone else; exactly what they might
mean for a ‘test signed’ image, I really don’t know, except that it
would at least be a non-msft signed image. Most of these settings can
be found under ‘Administrative Templates/Windows Installer’ and
‘Administrative Templates/Windows Update,’ both in the machine policy
settings and in the user policy settings.Why do you care about this at all?
mm
xxxxx@oracle.com wrote:
> Hi,
> I developed a windows driver, and test signed it based on document
> provided by microsoft,
> http://www.microsoft.com/whdc/winlogo/drvsign/kmcs_walkthrough.mspx,
> the test certificate is valid and has been installed in the Trust
> Root Certification Authorities certificate store and Trusted
> Publishers certificate store, all binary file of the driver can be
> verified by Signtool successfully.
> In Server2008_X64 and Vista_X64, it works fine, but in Server2003
> and XP, when i install the test signed driver, new hardware wizard
> always pops up, i heard that a signed driver can stop it. what i want
> to know is: can a test signed driver stop the new hardware wizard?
> any help is appreciated.
NTDEV is sponsored by OSR
For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminarsTo unsubscribe, visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer
This was a change in the OS behavior between Server 2003 and Vista. The process that works for Vista going forward does not work prior to Vista.
Prior to Vista, the only way to avoid the pop-ups was to have a Windows signature, which you could get by being an in-box driver or by getting a WHQL signature (pass the logo tests).
For testing purposes, you should be able to use “devcon install” to install the driver without pop-ups. Or, winqual will “test sign” your driver package and provide you with the testroot.cer file that you can install and avoid the pop-ups.
Thanks for your information.
Now our driver is under development and will apply for WHQL test
finally, but for internal test and use, it should be a good feature to
suppress those new hardware wizards.
I think something need to be clarified, devcon install do not support
re-distribution, so it will fail when installing the driver on user’s
computer, while a test sign from winqual will be suitable for my
situation, am i right?
Thanks
Annie
xxxxx@microsoft.com wrote:
This was a change in the OS behavior between Server 2003 and Vista. The process that works for Vista going forward does not work prior to Vista.
Prior to Vista, the only way to avoid the pop-ups was to have a Windows signature, which you could get by being an in-box driver or by getting a WHQL signature (pass the logo tests).
For testing purposes, you should be able to use “devcon install” to install the driver without pop-ups. Or, winqual will “test sign” your driver package and provide you with the testroot.cer file that you can install and avoid the pop-ups.
NTDEV is sponsored by OSR
For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminarsTo unsubscribe, visit the List Server section of OSR Online at http://www.osronline.com/page.cfm?name=ListServer
> Thanks for your information.
Now our driver is under development and will apply for WHQL
test finally, but for internal test and use, it should be a
good feature to suppress those new hardware wizards.
I think something need to be clarified, devcon install do
not support re-distribution, so it will fail when installing
the driver on user’s computer, while a test sign from winqual
will be suitable for my situation, am i right?
I though the behavor on W2K3 was different for WHQL logoable device classes
and custom device classes. If you can put your device in a custom class, and
sign it with an Authenticode certificate and add that certificate to the
trusted publisher certificate store (which I believe can be done though
domain group policy), I thought you could get silent server side installs.
For testing, people have also written a variety of code to get around the
found new hardware popup. One strategy is to have a little user mode app
that looks for the found new hardware window and sends it keystrokes/clicks
as needed to make it go away.
At the DDC, I asked the WHQL folks if they could make the W2K3 WHQL test
signing process scriptable, so you could get test signatures without a bunch
of manual steps. Also feedback to MSFT, it was immensly hard to FIND the
WHQL test root to use WHQL test signed drivers. I ended up exporting it from
a system that had beta MSFT software on it. The testroot.cer file was
impossible to find anyplace.
I see during text mode setup, unsigned drivers seem to get installed
silently too. You could potentially make an automated OS install script that
made your drivers be installed with no manual intervention. What would be
nice to know is what magic changes after text mode setup that prevents
silent install, and could than be reversed to cause silent install later in
the life of the OS.
Jan
Annie,
What we do for ‘popup suppression’ on w2k3 and xp is to use the WHQL
test certificate and test signing facility for our pre-whql drivers.
When we do an official build, all drivers get test signed through WHQL
and our test group never gets a ‘customer experience’ test system.
For w2k8 and vista this process is somewhat broken for replacement of
in-box (shipped with the os drivers) but the system can be adjusted to
accept replacement drivers, and self signing works for test drivers.
On Fri, Nov 21, 2008 at 9:27 PM, ANNIE LI wrote:
> Thanks for your information.
> Now our driver is under development and will apply for WHQL test finally,
> but for internal test and use, it should be a good feature to suppress
> those new hardware wizards.
> I think something need to be clarified, devcon install do not support
> re-distribution, so it will fail when installing the driver on user’s
> computer, while a test sign from winqual will be suitable for my situation,
> am i right?
>
> Thanks
> Annie
>
> xxxxx@microsoft.com wrote:
>>
>> This was a change in the OS behavior between Server 2003 and Vista. The
>> process that works for Vista going forward does not work prior to Vista.
>>
>> Prior to Vista, the only way to avoid the pop-ups was to have a Windows
>> signature, which you could get by being an in-box driver or by getting a
>> WHQL signature (pass the logo tests).
>> For testing purposes, you should be able to use “devcon install” to
>> install the driver without pop-ups. Or, winqual will “test sign” your
>> driver package and provide you with the testroot.cer file that you can
>> install and avoid the pop-ups.
>> —
>> NTDEV is sponsored by OSR
>>
>> For our schedule of WDF, WDM, debugging and other seminars visit:
>> http://www.osr.com/seminars
>>
>> To unsubscribe, visit the List Server section of OSR Online at
>> http://www.osronline.com/page.cfm?name=ListServer
>>
>
> —
> NTDEV is sponsored by OSR
>
> For our schedule of WDF, WDM, debugging and other seminars visit:
> http://www.osr.com/seminars
>
> To unsubscribe, visit the List Server section of OSR Online at
> http://www.osronline.com/page.cfm?name=ListServer
>
–
Mark Roddy