BehaviorOnFailedVerify

HKCU\Software\Policies\Microsoft\Windows NT\Driver Signing

Data type Range Default value
REG_DWORD (Not in registry) | 0 | 1 | 2 1

Description

Determines how the system responds when a user tries to install device driver files that are not digitally signed.

This entry stores the setting of the Code signing for device drivers Group Policy. Group Policy adds this entry to the registry when you enable the Code signing for device drivers policy. If you disable the policy or set it to Not configured, Group Policy deletes the entry from the registry.

This entry establishes the least secure response permitted on the systems of users in the group. Users can use System in Control Panel to select a more secure setting, but when this policy is enabled, the system does not implement any setting less secure than the one the policy established.

Value Meaning
0 Ignore. The system proceeds with the installation even if it includes unsigned files.
1 Warn. The system notifies the user that files are not digitally signed and lets the user decide whether to stop or to proceed with the installation and whether to permit unsigned files to be installed.
2 Block. The system to refuses to install unsigned files. As a result, the installation stops, and none of the files in the driver package is installed.

Change method

To change the value of this entry, use Group Policy. This entry corresponds to the Code signing for device drivers policy (User Configuration\Administrative Templates\System). Use the drop-down box to specify the desired response.

To change driver file security without setting a policy, use System in Control Panel. Right-click My Computer, click Properties, click the Hardware tab, and then click the Driver Signing button.

Note Image Note

The system's response to unsigned driver files is determined by comparing the value of this entry to the values of the Policy entry in HKCU and the Policy entry in HKLM. The entry with the highest (most secure) value is used.

Tip Image Tip

To change driver file security without setting a policy, use System in Control Panel. Right-click My Computer, click Properties, click the Hardware tab, and then click the Driver Signing button.

For detailed information about particular Group Policy settings, see the Group Policy Reference (Gp.chm) on the Windows 2000 Resource Kit companion CD.

For general information about Group Policy, see Group Policy in Windows 2000 Help.

To see a table associating policies with their corresponding registry entries, see the Group Policy Reference Table.

Related Entries

Page Image

Page Image