How to Configure Device Driver Signing Options by Using Group Policy
Your instructor will demonstrate how to configure device driver signing options by using Group Policy
Introduction This topic introduces how to configure device driver signing options by using
the Group Policy Management Console.
Procedure To configure device driver signing options using the Group Policy Management
Console:
1. Create a snap-in for Active Directory® Users and Computers.
a. Log on with your user account.
b. On the Start menu, click Run.
c. In the Run dialog box, in the Open box, type runas /user:nwtraders\administrator mmc and then click OK.
d. When prompted for a password, type P@sswOrd and then press ENTER.
e. In the Consolel window, click File, and then click Add/Remove Snap-in.
f. In the Add/Remove Snap-in dialog box, click Add.
g. In the Add Standalone Snap-in dialog box, click Group Policy Management, and then click Add.
h. Click Close, and then click OK.
Note If you are on a domain controller, click Start, point to Administrative Tools, and then click Active Directory Users and Computers.
2. In the Group Policy Management window, expand Group Policy
Management, expand Forest: nwtraders.msft, expand Domains, expand nwtraders.msft, expand Locations, and then expand your ComputerName organizational unit.
3. Right-click your ComputerName organizational unit, and then click Create and Link a GPO Here.
4. In the New GPO dialog box, type ComputerName Unsigned Device Driver Policy and then click OK.
5. Expand ComputerName, right-click ComputerName Unsigned Device Driver Policy, and then click Edit.
6. In the console tree of the Group Policy Object Editor window, under Computer Configuration, expand Windows Settings, expand Security Settings, expand Local Policies, and then click Security Options.
7. In the details pane, double-click Devices: Unsigned driver installation behavior.
8. In the Properties dialog box for Devices: Unsigned driver installation behavior, select the Define this policy setting check box.
9. In the drop-down list, click Do not allow installation, and then click OK.
10. Close all windows.
How to Configure Device Driver Signing Options Manually
Introduction Use the following procedure when you must manually configure a computer.
For example, you are the systems administrator for the engineering department in a large organization. All the computers in the organization are configured by a policy that blocks the installation of unsigned device drivers. Software developers in your department need to test a new unsigned device driver that they developed. They cannot test the unsigned device driver because of the policy. You must manually configure their computers to allow the installation of unsigned device drivers.
Procedure To configure device driver signing options manually:
1. Click Start, click Control Panel, and then double-click System.
2. On the Hardware tab, click Driver Signing.
3. In the Driver Signing Options dialog box, in the What action do you want Windows to take box, select the appropriate option:
a. Ignore-Install the software anyway and don't ask for my approval b. Warn-Prompt me each time to choose an action c. Block-Never install unsigned driver software
4. Under Administration option, select the Make this action the system default check box, and then click OK.
Note As an administrator, you can select the Make this action the system default check box to apply the selected setting as the default for all users who log on to this computer.
Post a comment