Hardware Display  «Prev  Next»
Lesson 4Managing driver signing
ObjectiveConfigure digital signing options.

Purpose of digital signatures

Digital signatures are used by Microsoft to identify Microsoft-approved system files, including device drivers.
Sometimes, when installing new software on your computer, the software installation process overwrites system files with incompatible versions. This can cause system instability. The system files provided with Windows 2000 have a Microsoft digital signature. These signatures ensure that a particular file has met a certain level of testing, and that the file has not been altered with, or overwritten by, another program's installation process. Digital signatures are required for all vendor-provided drivers that ship with Windows 2000, and for drivers published on the Windows Update Web site.

How driver signing works

The digital signature does not change the contents of the actual device driver file. Rather, the device driver is associated with the digital signature via a inf file. The .inf file contains the instructions for installing the device driver, and contains a "pointer" to the digital signature file (or .cat file). During the installation of the driver, the operating system will read the contents of the .inf file, and then check the .cat file to which the .inf file points. If the .cat file contains Microsoft's own digital signature, the operating system assumes the driver is good and continues with installation.
If there is no digital signature, or if the digital signature is not confirmed as a valid Microsoft signature, then the operating system will either warn you of this situation or will prevent the driver from installing at all.

Controlling unsigned drivers

As a support professional, one of your responsibilities is to control how Windows 2000 reacts if an installation program attempts to add unsigned drivers to the system. To configure driver signing options:
Right-click My Computer and click Properties

Properties Menu
Click Driver Signing on the Hardware tab

Driver Signing Hardware Tab
Driver Signing Hardware Tab
  1. Select one of the options shown in the MouseOver below

Drivers Signing
Drivers Signing

Driver Signing Options

Identifying unsigned files

You can use file signature verification to identify unsigned files on your computer and specify verification options. To use file signature verification, perform the steps shown in the following Simulation. In the next lesson, you will learn how to create and activate a new hardware profile.
Managing Simulation