Group policy devices unsigned driver installation behavior

 · The default Group Policy setting for unsigned drivers is Devices: Unsigned driver installation behavior. Three options are available: Silently succeed—users can install unsigned drivers, no warning appears. Warn but allow installation—users can install unsigned drivers, but a warning appears. Do not allow installation—users cannot install .  · On my test Windows XP machine I simply edited the local security policy setting under Computer Configuration Windows Settings Security Settings Local Policies Security Options Devices: Unsigned driver installation behavior to be Silently succeed.  · Setting the value to 0 allows non-administrators to install signed and unsigned drivers to a print server but does not override the Point and Print Group Policy settings. Consequently, the Point and Print Restrictions Group Policy settings can override this registry key setting to prevent non-administrators from installing signed and unsigned print drivers .

On my test Windows XP machine I simply edited the local security policy setting under Computer Configuration Windows Settings Security Settings Local Policies Security Options Devices: Unsigned driver installation behavior to be Silently succeed. Setting the value to 0 allows non-administrators to install signed and unsigned drivers to a print server but does not override the Point and Print Group Policy settings. Consequently, the Point and Print Restrictions Group Policy settings can override this registry key setting to prevent non-administrators from installing signed and unsigned print drivers from a print server. Devices: Unsigned driver installation behavior. This security setting determines what happens when an attempt is made to install a device driver (by means of Setup API) that has not been tested by the Windows Hardware Quality Lab (WHQL). The options are: Silently succeed. Warn but allow installation. Do not allow installation.

This is great from the point of security because the installation of an incorrect or fake device driver could compromise the PC or degrade the system. The administrator can then use Group Policy settings to distribute the and Installation Step-by-Step Guide: "Signing and Staging Device Drivers in. This is with the domain-wide Group Policy having the correct setting for "Devices: Unsigned driver installation behavior." (I even verified that the GPO was.