How to silently install a driver

I got great help on this board a couple of weeks ago with driver signing. Maybe someone can help with this.

We are moving our system to 64 bit Windows 7. I updated our driver and code signed it and it is running well. The problem I am having is during driver install. Every time I install the driver a security window pops out with the question:

Would you like to install this device software?
There is a check box “Always trust software from xxxx”.

I check the box and the install works. But when I try to install the driver again the security window pops up again. What do you need to do to avoid this security window?

Thanks

>>What do you need to do to avoid this security window?

Install the certificate before you start the installation :

certmgr -add yourcerticate.cer -c -r localMachine -s CA

----- Original Message -----
From:
To: “Windows System Software Devs Interest List”
Sent: Thursday, May 05, 2016 3:04 PM
Subject: [ntdev] How to silently install a driver

>I got great help on this board a couple of weeks ago with driver signing. Maybe someone can help with this.
>
> We are moving our system to 64 bit Windows 7. I updated our driver and code signed it and it is running well. The problem I am
> having is during driver install. Every time I install the driver a security window pops out with the question:
>
> Would you like to install this device software?
> There is a check box “Always trust software from xxxx”.
>
> I check the box and the install works. But when I try to install the driver again the security window pops up again. What do you
> need to do to avoid this security window?
>
> Thanks
>
> —
> NTDEV is sponsored by OSR
>
> Visit the list online at: http:
>
> MONTHLY seminars on crash dump analysis, WDF, Windows internals and software drivers!
> Details at http:
>
> To unsubscribe, visit the List Server section of OSR Online at http:</http:></http:></http:>

You also need to make sure that https://support.microsoft.com/en-us/kb/2921916 is installed. Adding your cert in advance of install *should* be enough, but there was a goof in Win7 that needs fixed to make that work.

Christiaan, i have our certificate installed in the “Trusted Root Certification Authorities” and “Trusted Publishers” (but it is under certificates - current user). Is that not enough?

Shane, I will check to see if the hotfix is included in our system.

Thanks

I’ll save you some time. Run this to check if you have it or not:
wmic qfe where HotFixID=“KB2921916”

You’ll want your cert installed to Trusted Publishers for the local machine

Thanks Shane. It appears our system image does not have this hotfix. I will update the image and hopefully that will solve the problem.

After installing the hotfix and installing our certificate under local machine I no longer see the security window every time I install the driver. Shane and Christiaan thanks a lot for your help.

I had the same problem and got it working now (thanks!).

Just to sum up:
Installing the certificate on command line (as admin):
certmgr.exe -add YourCertificate.cer -c -r localMachine -s trustedpublisher
(be aware that certmgr.exe is part of wdk, don’t mix it up with certmgr.msc)

If you want to have your driver silently installed within another (e.g.
WIX) installer you might use a custom action there and do the
installation of the certificate in C#:
http://stackoverflow.com/questions/566570/how-can-i-install-a-certificate-into-the-local-machine-store-programmatically-us

Ed

Am 05.05.2016 um 19:37 schrieb xxxxx@hotmail.com:

I’ll save you some time. Run this to check if you have it or not:
wmic qfe where HotFixID=“KB2921916”

You’ll want your cert installed to Trusted Publishers for the local machine


NTDEV is sponsored by OSR

Visit the list online at: http:
>
> MONTHLY seminars on crash dump analysis, WDF, Windows internals and software drivers!
> Details at http:
>
> To unsubscribe, visit the List Server section of OSR Online at http:
>


lakeBits Inh. Edgar Loser
Haydnstr. 25
78464 Konstanz
Tel 0049 7531 5844154 0
Fax 0049 7531 5844154 9
http://www.colymp.com/
mailto:xxxxx@colymp.com</http:></http:></http:>

Hey Loser,

Although a custom action will certainly allow you the flexibility to “do what you will” including installation of a cert in the cert store. I don’t think I’d advise creating one simply for that purpose. You can use the WixIISExtension and add an element to your ‘component’ requiring the certificate. This is a one liner and much less complex than using a custom action. Refer to doc here: http://wixtoolset.org/documentation/manual/v3/xsd/iis/certificate.html

In my experience creating a custom action should be a last resort as it makes debugging the installation process very difficult.