For Geeks @nd the not so Geeky

What are Device Drivers – Windows 7 Driver Signing Backup & Testing

Windows 7 Device Drivers

Each device connected to a PC -internal or external- needs a software program called a driver which typically comes in the form of an .inf file stored in the hidden directory %systemroot%\inf containing all the device drivers and typically called the driver store. The easiest way to manage and troubleshoot device driver issues is by using Device Manager which as the name says acts as the device driver manager.

Device Manager works in read-only mode on a remote computer. A hidden Device is usually a device that is not attached but whose driver is installed because the device was attached at some time in the past. device drivers

If a device driver is not found in the Windows 7 driver store or through Windows Update Windows prompts you to enter the path to the installation media. Windows then checks that the user has administrator rights and whether the driver has a valid signature.

If you don’t want Windows to automatically download and install device drivers you can modify this behavior by accessing the hardware tab in advanced system settings and choosing No, let me choose what to do under Device Installation Settings.

Windows 7 Driver Signing

When the driver is signed and approved a copy of the driver is placed in the driver store and the installation begins. If the driver is unsigned or missing a certificate in the Trusted Publishers Store the user is prompted to let the install continue.

An administrator can approve or stage a driver that is not found in the driver store. Windows then performs all the checks mentioned before. After the driver has been staged any user can install the driver without any prompts or administrator rights required.

You can install legacy hardware by right clicking the my computer icon in Device manager.  Make sure the hardware is connected before running the manual install wizard.

You can use group policy to control the install or update of device drivers

  • A policy preventing or restricting the install overrides a less restrictive policy
  • Configure custom messages to be displayed to the user when they attempt to install a device and policy settings restrict this
  • Prevent the install of devices that are not controlled by other policies
  • Specify the devices by hardware ID or device setup class GUID

Device driver resource conflicts are usually related to I/O, DMA channels and/or IRQ conflicts of 2 or more devices trying to use the same resources. You can roll back all drivers except for printers.

When looking for conflicts you can view devices by type in device manger or by going to start -> run -> msinfo32 where you can view the conflicts/sharing section under Hardware Resources just as you can view Problem Devices under the Components section.

Device Manager Icons

  • Disabled Device – Black downward pointing arrow Disabled Device
  • Non Functioning Device – Red X mark
  • Problem but Functioning Device – Yellow exclamation mark unknown device
  • Forced Resources Device – Blue I Mark

Driver Verifier Monitor

In Windows 7 you can use the Driver Verifier Monitor – verifier.exe -command line tool to test and monitor device drivers that are already loaded without the need for a reboot. It is primarily a stress test tool which can tell you under which conditions a driver might fail.

Digital Certificates and Windows Driver Signing

Windows 7 requires drivers to be signed with trusted certificates that are stored in the trusted publisher store.  Driver Signing is an electronic security mark provided by Microsoft which indicates that the driver of a 3-rd party manufacturer has been validated for use on a Windows 7 PC.

An administrator however can authorize the install of an unsigned driver. You will need a certificate from a server in your organization that is running Windows CA services. This certificate is only valid within your organization. Only external CAs such as Veritas are trusted by other organizations.

The device driver needs to be signed with this certificate and the certificate installed on the client PC in order for other users to install these drivers within the organization. Certificates can be deployed to a large number of computers using group policy.
64-bits versions of Windows will not allow you to install a driver if it is not digitally signed or has been altered, even if you are an administrator.

Driver Signing and Staging-

Device Driver Testing & Monitoring

For device driver testing of unsigned drivers you can always press F8 at start up and choose the option disable driver signature enforcement until the next reboot. You have to use this method if you are working on a Windows 64-bit PC which does not allow the install of unsigned drivers even when you are an administrator.

DXdiag can be used to check the digital signature of sound, display, connected USB and PS2 devices. You can use the File Signature Verification Tool (Sigverif) to view a list of other installed drivers. You can review the results of running  the program in the Sigverif.txt file.

To check whether any system files have been overwritten you can run the file system checker – sfce /scannow – from the command line or start run.

In Windows 7 you can also use Action Center in Control Panel to view problems related to device drivers.

Windows automatically creates a device driver backup as soon as you update device drivers giving you the option to roll back the driver to the previous version. To avoid windows 7 installation device driver missing error messages you should make sure to have the drivers from the manufacturer at hand for any device that is not recognized during Windows setup.

Windows Update

Windows update includes Important and Recommended updates as well as Optional Updates. Update Roll-Ups are a packaged set of updates that fix problems with specific Windows software or components.

As with most policies Windows Update can be configured through the Group Policy snap-in. Just like with rolling back drivers it is possible to roll back updates by using the Windows Update applet in Control Panel.

Comments are closed.