Applies To: Windows 7, Windows Server 2008 R2
In this guide you used a sample device and driver in a lab environment to learn how to securely deliver device driver packages to client computers. With this configuration, a standard user can install device drivers without any assistance from an administrator. The tasks used to complete this configuration included how to:
Sign a device driver package to allow Windows to trust the driver package. This task included procedures for creating a signing certificate, configuring the client computers to recognize the certificate, creating a catalog file to contain the signature, and then signing the catalog file and including it in the driver package.
Stage the driver package in the driver store on the client computer. This task included procedures that showed you how to use the PnPUtil.exe tool to place driver packages in the driver store as an administrator, so that they can be installed by any user.
Configure a client computer to search additional folders for driver packages when the computer does not find them in the driver store. These procedures demonstrated modifying a Registry entry to add a local folder or network location to the list of folders Windows searches for driver packages when it detects a new hardware device. This eliminates the need for the user to enter the path manually, or to provide media. The procedures also demonstrated how to configure computer policy to allow a standard user to successfully stage, and thus install, devices that are members of approved device setup classes.
Your feedback is welcome. If the scenarios included do not work as described or if they fail to capture the way you want to use the technology, please tell us. We will use the feedback that you provide to improve the quality of this documentation. Send your comments on this documentation to DMI Documentation Feedback (firstname.lastname@example.org).
For more information about device installation:
Device Management and Installation
How Setup Selects Device Drivers
Device Identification Strings
Step-By-Step Guide to Controlling Device Installation Using Group Policy
For more information about User Account Control in Windows Vista and Windows 7:
User Account Control
For more information about digital certificates and digital signatures:
Code Signing Best Practices
Code Signing Requirements for 64-bit Kernel Mode Drivers
Microsoft Cross-Certificates for Windows Kernel Mode Code Signing
Kernel-Mode Code Signing Walkthrough
Introduction to Code Signing
Creating, Viewing and Managing Certificates
Microsoft Root Certificate Program Member List
Windows Server PKI Operations Guide
Building an Enterprise Root Certification Authority in Small and Medium Business
For more information about Group Policy: