Hardware Installation: What You Need to Know
with drivers signed by Microsoft, any changes to a device driver signed by a manufac-
turer invalidate the digital signature, giving you a clear indication that a device driver
has been tampered with.
Because unsigned drivers have been neither validated nor authenticated, they are
much more likely than any other device driver or program you’ve installed to cause
the operating system to freeze or your computer to crash. This is why Windows Vista
warns you by default when you try to install a device with an unsigned device driver.
You can also configure Windows to eliminate this warning or to prevent unsigned
drivers from being installed.
Unlike Windows XP, you can only manage device driver settings through Group Pol-
icy. In Group Policy, you can configure device-driver-signing settings using the
“Code signing for device drivers” policy (see Figure 5-4). This policy is located in
User Configuration\Administrative Templates\System\Driver Installation. When you
enable this policy, you can specify the action to take as Ignore, Warn, or Block.
These settings are used as follows:
Allows you to install any unsigned driver without having to see and respond to a
Prompts you each time to continue with the installation of an unsigned driver or
to stop the installation
Prevents you from accidentally or purposefully installing unsigned driver software
You’ll learn more about Group Policy in Chapter 26.
How Does the Operating System Obtain Driver Updates?
As you’ll learn in Chapter 20, Windows Vista uses a feature called Windows Update
to keep the operating system, its components and services, and related Microsoft
software up to date. You can configure Windows Update to obtain updates for
device drivers. If you do this, Windows Vista checks for driver updates as part of the
normal update process.
Because Windows Update only updates device drivers included with the operating
system, any devices you’ve installed that have their own device drivers are not neces-
sarily updated in this way. Still, driver information files do contain information
about particular classes of devices or related sets of devices, so it is possible that as
manufacturers introduce new models of hardware devices, support for these newer
devices will be added through the update process. This is one of the reasons why
when you connect a new device, Windows Vista checks for a matching driver auto-
matically using Windows Update.