Disable driver signature enforcement permanetly at boot-up, how?
Hi all.
I have several devise drivers that are not digitally signed but otherwise work happily under windows server 2008.
At present, during booting up, I need to go thorugh the loop F8 to manually disable "digital driver enforcement", but this is good for the current session only.
Is there a clever way to permanently disable digital driver enforcement, so that I do not have to use the F8 option manually every time?
Thanks.
Regards,
Cukkas
Odpovědi
Hello Cukkas,
There are 2 ways to disable digital driver signatyre enforcement; the 1st way is using command-line tool cmd.exe to execute this command-line bcdedit.exe /set nointegritychecks ON , the 2nd method which is recommended is to diable it through Group Policy Object (GPO),
1. Start --->> Run ---> GPEdit.msc
2. Enable and Ignore Code signing for drivers policy under User Configuration --->>
Administrative Templates ---->> System ---->> Driver Installation --->> Code signing for drivers
- Hi Sherif,
Thank you for your suggestions.
I tried both methods that you mentioned,
1) command-line
bcdedit.exe /set nointegritychecks ON
the operation is completed successfully, but it makes no difference when it reboots.
On re-boot, the bootmanager will stop, saying
" ...\windows\system32\drivers\fastx2k.sys" is not digitally signed,
then I need to proceed to use F8 option to manually "disable digital signature enforcement" to continue
booting up the OS.
I also use this command line (which apparently works in Vista from whose forum I obatined the command line):
bcdedit /set loadoptions DISABLE_INTEGRITY_CHECKS
the operation is completed successfully, but again it makes no difference when it reboots.
2) Your second method does not solve my need - I need to disable digital driver enforcement during boot-up.
Any other ideas I can try?
Thank you again.
Regards,
Cukkas - http://www.vistabootpro.org/
- Hi Kane3162,
Thank you for the suggestion.
I had used an earlier version of VistaBootPro before, but it didn't work.
Today, I downoload the latest version 3.3 which warned during installation of potential slight probelm using it on Windows Server 2008. Big mistake - the OS wouldn't bootup at all after using the programme to set disable digital driver enforcement. I have to use backup BCD file to restrore and recover.
Any body who has a working solution to this problem? Much appreciated if you could post it here.
Thank you.
Regards,
Cukkas
Všechny reakce
Hello Cukkas,
There are 2 ways to disable digital driver signatyre enforcement; the 1st way is using command-line tool cmd.exe to execute this command-line bcdedit.exe /set nointegritychecks ON , the 2nd method which is recommended is to diable it through Group Policy Object (GPO),
1. Start --->> Run ---> GPEdit.msc
2. Enable and Ignore Code signing for drivers policy under User Configuration --->>
Administrative Templates ---->> System ---->> Driver Installation --->> Code signing for drivers
- Hi Sherif,
Thank you for your suggestions.
I tried both methods that you mentioned,
1) command-line
bcdedit.exe /set nointegritychecks ON
the operation is completed successfully, but it makes no difference when it reboots.
On re-boot, the bootmanager will stop, saying
" ...\windows\system32\drivers\fastx2k.sys" is not digitally signed,
then I need to proceed to use F8 option to manually "disable digital signature enforcement" to continue
booting up the OS.
I also use this command line (which apparently works in Vista from whose forum I obatined the command line):
bcdedit /set loadoptions DISABLE_INTEGRITY_CHECKS
the operation is completed successfully, but again it makes no difference when it reboots.
2) Your second method does not solve my need - I need to disable digital driver enforcement during boot-up.
Any other ideas I can try?
Thank you again.
Regards,
Cukkas - http://www.vistabootpro.org/
- Hi Kane3162,
Thank you for the suggestion.
I had used an earlier version of VistaBootPro before, but it didn't work.
Today, I downoload the latest version 3.3 which warned during installation of potential slight probelm using it on Windows Server 2008. Big mistake - the OS wouldn't bootup at all after using the programme to set disable digital driver enforcement. I have to use backup BCD file to restrore and recover.
Any body who has a working solution to this problem? Much appreciated if you could post it here.
Thank you.
Regards,
Cukkas - Hi Cukkas,
I'm having the same dilemma over here but on Vista x64, there seems to be no solution.
I'm glad I found this post though, hopefully we can find a solution.
Regards,
xslikx- Navržen jako odpověďSoftware Help ByTapan 9. září 2009 18:14
- that is HIGHLY unusual..... I have used it since Beta 2 and not had the no-boot problem you describe.... what settings are you using by chance when you make the change? do you just change the boot options?
- Navržen jako odpověďSoftware Help ByTapan 9. září 2009 18:14
- Hi Kane3162,
My situation on Vista is the same Cukkas is experiencing more or less.
It's happening for me because Promise (http://www.promise.com/) makes no compatible 378 IDE driver for x64 OSs and Vista x86/x64, so I'm left with no choice but to use a driver which originated from a laptop called D900T (http://www.sagernotebook.com) that happens to work on x64 OSs and on Vista x64 when digital signature enforcement is disabled.
It was originally hosted at - http://www.sagernotebook.com/ftp/win64b/Win64B_ATA.exe but that URL no longer exists because they removed the file.
I'm not sure if the laptop company made the driver or if Promise did, but everything about them surfaced here http://www.planetamd64.com/index.php?showtopic=7928
Currently there is also a Vista version of this driver which apparently originated from Vista 5744 and bypasses digital signature enforcement.
The problem with this driver is that the transfer rate is limited to 150 Kb/s so I'm left with the previous drivers mentioned which were designed for XP x64 but work on Vista when digital signature enforcement is disabled.
The driver works great otherwise, but every time i reboot I'm required to press F8 and choose to disable digital signature enforcement or i receive an error: "0x0000428 \Windows\system32\drivers\videx64.sys Windows cannot verify the digital signature for this file."
Promise has stated themselves:
Promise wrote: No we do not have or plan to release 64 bit drivers that will allow your 378 chipset to work as a regular IDE drive as that chipset is RAID only and not dependent on the driver. Moreover all driver support for this product is not available thru promise because this chipset is imbedded on your mainboard. This will need to be supported thru your mainboard manufacturer
You have to register to view these but i figured i might as well link them incase they're of any use to resolving this problem.
XP x64 driver link - http://www.planetamd64.com/index.php?automodule=downloads&showfile=850
Vista x64 driver link - http://www.planetamd64.com/index.php?automodule=downloads&showfile=1240
Other XP x64 / Vista x64 driver link - http://www.planetamd64.com/index.php?automodule=downloads&showfile=1291
Motherboard: Asus A8V Deluxe - http://www.asus.com/products4.aspx?modelmenu=2&model=238&l1=3&l2=15&l3=0
Chipset: Via K8T800PRO - http://www.via.com.tw/en/products/chipsets/k8-series/k8t800pro/
Regards,
xslikx- Navržen jako odpověďSoftware Help ByTapan 9. září 2009 18:14
- Hi All,
To answer Kane3162's question, the only setting in VistaBootPro that I used was to check the option to disable digital driver enforcement, but the PC would refuse to bootup again.
Hi, xslikx, my motherboard is ASUS SK8V, which has a similarly imbedded 378 Promise raid/IDE chipset for SATA connetors as your motherboard. I am using the IDE setup using the same driver that you mentioned, and it works fine for the two drives that are connected to these connectors. I have not tried them under raid setup, so I can't tell whether that setup works.
As you said, it would be nice to be able to get rid of digital driver enforcement during boot-up. It also means I can remotely re-boot the PC as well. Hope someone can come up with a solution.
Regards,
Cukkas
P/s: Do you know a 64 bit driver for Canoscan scanner ( model 8400F) that works under Windows Server 2008 64 bit?- Navržen jako odpověďSoftware Help ByTapan 9. září 2009 18:14
- Hey Cukkas,
That initially came out to me as a huge surprise that were both dealing with the same promise driver issue, but at the same time it doesn't surprise me that others are having problems with them as well.
I sent a technical inquiry to Asus last night and got a reply this morning regarding the Promise driver issue, their reply was:
Asus Support Team wrote: Hello,
Asus does not write driver software, we receive it from the hardware/chipset manufacturers of the components we use, and simply repackage them with the Asus installer/logos in some cases. You will need to contact Promise to see if/when such a driver may be available. Also, there is no plan at present to support Vista on any Socket 939 (A8 series) motherboard, in either 32 bit or 64 bit versions, largely due to a lack of solid driver support.
Regards,
Asus Support Team
Please do not reply to this message. If you need further assistance please call our technical support line at (812) 282-2787 Monday-Friday from 8:30am-Midnight EST.
So apparently i would just get the run-around by contacting either Promise or Asus about this driver.
Regarding the Canoscan scanner 8400F, you're best off trying either 8400F Scanner Driver Ver. 10.2.3.1a (Windows Vista64) 2007-10 or 8400F Scanner Driver Ver. 10.2.3.1a (Windows XP x64) 2007-10.
They can be found here - http://www.usa.canon.com/consumer/controller?act=ModelInfoAct&tabact=DownloadDetailTabAct&fcategoryid=351&modelid=10242
I see you've already tried one of them from this topic - http://forums.microsoft.com/TechNet/ShowPost.aspx?PostID=2285944
but its probably worth trying the XP x64 version if the Vista x64 version isn't working for you on server 2008 x64.
Either way it seems that Canon will fully support all Vista/Server2008 in the future, but as for Promise things look grim.
Regards,
xslikx- Navržen jako odpověďSoftware Help ByTapan 9. září 2009 18:14
has anybody here tried http://www.tweak-uac.com/? I was thinking of trying it out.
thanks,
gargolita
- Navržen jako odpověďSoftware Help ByTapan 9. září 2009 18:14
Does anyone know how to resolve the problem?
It's proving impossible to do remote re-booting of the server.Thank you.
Cukkas
- Navržen jako odpověďSoftware Help ByTapan 9. září 2009 18:14
Hi All,
I had a lightbub moment while I was taking a shower last weekend: what if I use the hibernate function (which is standard log off option in a laptop) and how will the Windows server 2008 repsond?
There is no hibernate switch in Window server 2008 log off, but you can try this string on a short cut on desktop:
rundll32.exe powrprof.dll, SetSuspendState
Log off by clicking on this shortcut, and the PC will hibernate. The next time you power on the PC, it switches on and recover to its previous state, bypassing the driver enforcement check. No need for a F8 intervention anymore.
It works for me. Let me know if it works for you too.
Regards,
Cukkas
- Navržen jako odpověďSoftware Help ByTapan 9. září 2009 18:14
In the GA (General Availability) release Microsoft has announced that this is not going to be possible even by hitting F8. The digital signature enforcement will become turned on automatically and you will not be able to turn it off on bootup at all. This makes for real problems with enhanced drivers, and will force companies to work in greater detail to ensure they have Microsoft's signature or approval on drivers. The only way to make this work now is by hitting F8, turning it off by changing the settings in gpedit.msc or any other means such as cmd prompt will not work at all. It is alway turned on by default on bootup.
- Navržen jako odpověďSoftware Help ByTapan 9. září 2009 18:14
I just built a new home computer yesterday and, after installing OS (I worked around in just the os for several hours) then installing the drivers, the computer asked me to restart. I did and it came up with the black screen and "Windows failed to start.... File:\Windows\System32\drivers\sfsync04.sys, Status:0xc0000428, Info: Windows cannot verify the digital signature for this file.
I was able to change my BIOS to reboot from the CDRom but all it did was put my first install into an ".old' file and completely reinstall Windows. I've added nothing else because I'm afraid it will just keep happening.
1. This isn't just a server 2008 issue
2. This isn't just an upgrade issue - new build with Vista Home Prem 64bit SP1
3. Isn't just the Asus board - I have the Gigabyte GA-P35-DS3L motherboard but I can't tell you anything about Promise or even if the motherboard is faulty. (How do you know?)
4. Why should brand name drivers cause such a problem?
5. It obviously isn't the same file causing the problem but something inherent in the digital verification system.
Mobo: Gigabyte GA-p35-DS3L -- installed driver ... again, no driver installation yet for the second install
CPU: Intel Q6700
Vista Home Prem 64bit SP1 -- installed both times
eVGA 8800GTS 512mb KO -- installed driver 1st time
2x2G Crucial RAM
500G SATA Seagate HD
Creative Sound Blaster X-Fi Audio -- installed driver 1st time
2 SATA DVDRW drives
1 Floppy
Zerotherm BTF90
PC Power & Cooling 610W Silencer
Dell 2408WFP
Logitech diNovo keyboard -- installed software
Antec P182SE
MS Works 2006 -- installed software
USB Graphics Tablet (about 4 years old) -- installed driver/Corel Art Dabbler software
- Navržen jako odpověďSoftware Help ByTapan 9. září 2009 18:14
- I may have found a work around - http://www.citadel.co.nr/readydriverplus/
I haven't tried it yet but it looks promising.- Navržen jako odpověďSoftware Help ByTapan 9. září 2009 18:14
