Как отключить проверку цифровой подписи драйвера в Windows 7
В ОС Windows 7 Microsoft существенно ужесточила требованию к устанавливаемым драйверам (рекомендуем познакомиться с занимательной статьей об установке драйверов устройств в Windows 7). Теперь любой устанавливаемый драйвер должен иметь цифровую подпись, проверенную и сертифицированную Microsoft. Перед загрузкой и установкой драйвера любого устройства Windows 7 проверяет цифровую подпись этого драйвера. И если при попытке установить драйвер для нового устройства в Windows 7 вы увидите сообщение: «Windows can’t verify the publisher of this driver software», значит, данный драйвер не имеет цифровой подписи. В указанном диалогом окне можно выбрать вариант ”Install this driver software anyway” («Все равно установить этот драйвер»), однако в любом случае этот драйвер не установится, и значит, устройство работать не будет.
При установке неподписанного драйвера, в диспетчере устройств данное устройство будет помечено восклицательным знаком и содержать следующее сообщение об ошибке:
Windows cannot verify the digital signature for the drivers required for this device. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. (Code 52)
Также о проблемах с цифровой подписью драйверов могут свидетельствовать такие ошибки: Device driver software was not successfully installed
Политика проверки цифровой подписи у драйверов работает как в 32-х (x86), так и в 64-х (x64) версиях Windows 7 и главная причина появления такой политики установки сторонних драйверов – желание улучшить стабильность и надежность ОС Windows, добившись того, чтобы все выпускаемые драйвера проходили через сертификационный тест и тест на совместимость в Microsoft.
К счастью в Windows 7 можно отключить проверку цифровой подписи драйвера. И сделать это можно несколькими способами:
- Самому подписать драйвер (сделать это можно с помощью специального софта, или по инструкции, описанной в мануале Как подписать цифровой подписью драйвер для Windows 7 x64)
- Отключить проверку цифровой подписи драйверов с помощью групповой политики
- Изменить режим загрузки ОС на загрузку без проверки цифровой подписи (с помощью bcdedit)
- Загрузить Windows 7 без проверки цифровой подписи (через загрузочное меню по клавише F8)
Рассмотрим все перечисленные варианты отключения проверки подписей драйверов
Загрузка Windows 7 без проверки цифровой подписи
Возможно временно отключить проверку подписей драйверов, если перегрузить систему, при загрузке нажать клавишу F8. В появившемся меню с вариантами загрузки системы выбрать пункт Disable Driver Signature Enforcement(«Отключение обязательной проверки подписи драйвера»).
После загрузки Win 7 можно будет установить неподписанный драйвер и протестировать его работу, однако если загрузиться в обычном режиме, драйвер работать не будет
Отключаем проверку подписи драйверов в Windows 7 с помощью групповой политики
В том случае, если вы полностью хотите отключить проверку подписывания драйверов в Windows 7, сделать это можно с помощью групповой политики.
В меню политик перейдите в раздел User Configuration->Administrative Templates-> System->Driver Installation.
В правой панели найдите пункт ‘Code Signing for Device Drivers’ и дважды щелкните по нему.
В появившемся окне выберите ‘Enabled’, а в нижнем меню — ‘Ignore’. Нажмите Ок и перезагрузите компьютер. После перезагрузи и применения политика, в своей Windows 7 вы полностью отключите подписывание драйверов, и сможете установить любые, в том числе, неподписанные драйвера.
Отключаем проверку цифровой подписи драйверов в Windows 7 с помощью bcdedit
Откройте командную строку с правами администратора и последовательно наберите следующие две команды:
После выполнения каждой из команд должно появиться сообщение о том, что команда выполнена успешно.
Перезагрузите компьютер и попробуйте установить неподписанный драйвер. Вуаля!
Если вам нужно отменить этот режим работы и вновь включить проверку цифровой подписи в win 7, выполните следующие команды:
How do I disable driver signing enforcement on Windows Server 2008 R2 x64?
I’m running Windows Server 2008 R2 x64 and I have a driver that isn’t signed so the Device Manager displays the following message:
«Windows cannot verify the digital signature for the drivers required for this device. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. (Code 52)»
I know that I can disable driver signing enforcement per-boot by using F8 but I’d like something more permanent, or I’d like a way to sign this driver myself and allow Windows to accept it.
bcdedit -set loadoptions DISABLE_INTEGRITY_CHECKS
bcdedit -set TESTSIGNING ON
No way in hell I would do this on a production server though, MS support would just laugh at you if you called in and they shadowed you and saw the banner (and rightfully so).
Get the vendor to send you a proper driver.
Yes, but you’ll still have to sign the driver with a test certificate (it comes with the Windows Driver Kit).
As the hardware is showing up in Device Manager like it is, it means it was installed with a valid signature. Now the signature is invalid, which means the driver is damaged.
Windows is very rightly telling you that the driver is broken.
As the hardware is showing up in Device Manager like it is, it means it was installed with a valid signature. Now the signature is invalid, which means the driver is damaged.
Windows is very rightly telling you that the driver is broken.
© Ars Technica 1998-2020
© 2020 Condé Nast. All rights reserved
Use of this Site constitutes acceptance of our User Agreement (updated 1/1/20) and Privacy Policy and Cookie Statement (updated 1/1/20) and Ars Technica Addendum (effective 8/21/2018). Ars may earn compensation on sales from links on this site. Read our affiliate link policy.
Your California Privacy Rights | Do Not Sell My Personal Information
The material on this site may not be reproduced, distributed, transmitted, cached or otherwise used, except with the prior written permission of Condé Nast.
Ad Choices 
Disable driver signature enforcement windows server 2008 r2
The following forum(s) have migrated to Microsoft Q&A: All English Windows Server forums!
Visit Microsoft Q&A to post new questions.
Answered by:
Question
I have several devise drivers that are not digitally signed but otherwise work happily under windows server 2008.
At present, during booting up, I need to go thorugh the loop F8 to manually disable «digital driver enforcement», but this is good for the current session only.
Is there a clever way to permanently disable digital driver enforcement, so that I do not have to use the F8 option manually every time?
Answers
There are 2 ways to disable digital driver signatyre enforcement; the 1st way is using command-line tool cmd.exe to execute this command-line bcdedit.exe /set nointegritychecks ON , the 2nd method which is recommended is to diable it through Group Policy Object (GPO),
1. Start —>> Run —> GPEdit.msc
2. Enable and Ignore Code signing for drivers policy under User Configuration —>>
Administrative Templates —->> System —->> Driver Installation —>> Code signing for drivers
Thank you for your suggestions.
I tried both methods that you mentioned,
bcdedit.exe /set nointegritychecks ON
the operation is completed successfully, but it makes no difference when it reboots.
On re-boot, the bootmanager will stop, saying
» . \windows\system32\drivers\fastx2k.sys» is not digitally signed,
I also use this command line (which apparently works in Vista from whose forum I obatined the command line):
bcdedit /set loadoptions DISABLE_INTEGRITY_CHECKS
the operation is completed successfully, but again it makes no difference when it reboots.
2) Your second method does not solve my need — I need to disable digital driver enforcement during boot-up.
Any other ideas I can try?
Thank you for the suggestion.
I had used an earlier version of VistaBootPro before, but it didn’t work.
Today, I downoload the latest version 3.3 which warned during installation of potential slight probelm using it on Windows Server 2008. Big mistake — the OS wouldn’t bootup at all after using the programme to set disable digital driver enforcement. I have to use backup BCD file to restrore and recover.
Any body who has a working solution to this problem? Much appreciated if you could post it here.
All replies
There are 2 ways to disable digital driver signatyre enforcement; the 1st way is using command-line tool cmd.exe to execute this command-line bcdedit.exe /set nointegritychecks ON , the 2nd method which is recommended is to diable it through Group Policy Object (GPO),
1. Start —>> Run —> GPEdit.msc
2. Enable and Ignore Code signing for drivers policy under User Configuration —>>
Administrative Templates —->> System —->> Driver Installation —>> Code signing for drivers
Thank you for your suggestions.
I tried both methods that you mentioned,
bcdedit.exe /set nointegritychecks ON
the operation is completed successfully, but it makes no difference when it reboots.
On re-boot, the bootmanager will stop, saying
» . \windows\system32\drivers\fastx2k.sys» is not digitally signed,
I also use this command line (which apparently works in Vista from whose forum I obatined the command line):
bcdedit /set loadoptions DISABLE_INTEGRITY_CHECKS
the operation is completed successfully, but again it makes no difference when it reboots.
2) Your second method does not solve my need — I need to disable digital driver enforcement during boot-up.
Any other ideas I can try?
Thank you for the suggestion.
I had used an earlier version of VistaBootPro before, but it didn’t work.
Today, I downoload the latest version 3.3 which warned during installation of potential slight probelm using it on Windows Server 2008. Big mistake — the OS wouldn’t bootup at all after using the programme to set disable digital driver enforcement. I have to use backup BCD file to restrore and recover.
Any body who has a working solution to this problem? Much appreciated if you could post it here.
I’m having the same dilemma over here but on Vista x64, there seems to be no solution.
I’m glad I found this post though, hopefully we can find a solution.
My situation on Vista is the same Cukkas is experiencing more or less.
It’s happening for me because Promise (http://www.promise.com/) makes no compatible 378 IDE driver for x64 OSs and Vista x86/x64, so I’m left with no choice but to use a driver which originated from a laptop called D900T (http://www.sagernotebook.com) that happens to work on x64 OSs and on Vista x64 when digital signature enforcement is disabled.
It was originally hosted at — http://www.sagernotebook.com/ftp/win64b/Win64B_ATA.exe but that URL no longer exists because they removed the file.
I’m not sure if the laptop company made the driver or if Promise did, but everything about them surfaced here http://www.planetamd64.com/index.php?showtopic=7928
Currently there is also a Vista version of this driver which apparently originated from Vista 5744 and bypasses digital signature enforcement.
The problem with this driver is that the transfer rate is limited to 150 Kb/s so I’m left with the previous drivers mentioned which were designed for XP x64 but work on Vista when digital signature enforcement is disabled.
The driver works great otherwise, but every time i reboot I’m required to press F8 and choose to disable digital signature enforcement or i receive an error: «0x0000428 \Windows\system32\drivers\videx64.sys Windows cannot verify the digital signature for this file.»
Promise has stated themselves:
| Promise wrote: | |
|
You have to register to view these but i figured i might as well link them incase they’re of any use to resolving this problem.