I got great help on this board a couple of weeks ago with driver signing. Maybe someone can help with this.
We are moving our system to 64 bit Windows 7. I updated our driver and code signed it and it is running well. The problem I am having is during driver install. Every time I install the driver a security window pops out with the question:
Would you like to install this device software?
There is a check box “Always trust software from xxxx”.
I check the box and the install works. But when I try to install the driver again the security window pops up again. What do you need to do to avoid this security window?
>>What do you need to do to avoid this security window?
Install the certificate before you start the installation :
certmgr -add yourcerticate.cer -c -r localMachine -s CA
----- Original Message -----
From: To: “Windows System Software Devs Interest List” Sent: Thursday, May 05, 2016 3:04 PM Subject: [ntdev] How to silently install a driver
>I got great help on this board a couple of weeks ago with driver signing. Maybe someone can help with this. > > We are moving our system to 64 bit Windows 7. I updated our driver and code signed it and it is running well. The problem I am > having is during driver install. Every time I install the driver a security window pops out with the question: > > Would you like to install this device software? > There is a check box “Always trust software from xxxx”. > > I check the box and the install works. But when I try to install the driver again the security window pops up again. What do you > need to do to avoid this security window? > > Thanks > > — > NTDEV is sponsored by OSR > > Visit the list online at: http: > > MONTHLY seminars on crash dump analysis, WDF, Windows internals and software drivers! > Details at http: > > To unsubscribe, visit the List Server section of OSR Online at http:</http:></http:></http:>
You also need to make sure that https://support.microsoft.com/en-us/kb/2921916 is installed. Adding your cert in advance of install *should* be enough, but there was a goof in Win7 that needs fixed to make that work.
Christiaan, i have our certificate installed in the “Trusted Root Certification Authorities” and “Trusted Publishers” (but it is under certificates - current user). Is that not enough?
Shane, I will check to see if the hotfix is included in our system.
After installing the hotfix and installing our certificate under local machine I no longer see the security window every time I install the driver. Shane and Christiaan thanks a lot for your help.
I had the same problem and got it working now (thanks!).
Just to sum up:
Installing the certificate on command line (as admin):
certmgr.exe -add YourCertificate.cer -c -r localMachine -s trustedpublisher
(be aware that certmgr.exe is part of wdk, don’t mix it up with certmgr.msc)
I’ll save you some time. Run this to check if you have it or not:
wmic qfe where HotFixID=“KB2921916”
You’ll want your cert installed to Trusted Publishers for the local machine
NTDEV is sponsored by OSR
Visit the list online at: http: > > MONTHLY seminars on crash dump analysis, WDF, Windows internals and software drivers! > Details at http: > > To unsubscribe, visit the List Server section of OSR Online at http: >
Although a custom action will certainly allow you the flexibility to “do what you will” including installation of a cert in the cert store. I don’t think I’d advise creating one simply for that purpose. You can use the WixIISExtension and add an element to your ‘component’ requiring the certificate. This is a one liner and much less complex than using a custom action. Refer to doc here: http://wixtoolset.org/documentation/manual/v3/xsd/iis/certificate.html
In my experience creating a custom action should be a last resort as it makes debugging the installation process very difficult.