Purpose of digital signatures
|Lesson 4||Managing driver signing |
|Objective||Configure digital signing options. |
Digital signatures are used by Microsoft to identify Microsoft-approved system files, including device drivers.
How driver signing works
Sometimes, when installing new software on your computer, the software installation process overwrites system files with
incompatible versions. This can cause system instability. The system files provided with Windows 2000 have a Microsoft digital signature.
These signatures ensure that a particular file has met a certain level of testing, and that the file has not been altered with,
or overwritten by, another program's installation process. Digital signatures are required for all vendor-provided drivers that ship with Windows 2000,
and for drivers published on the Windows Update Web site.
The digital signature does not change the contents of the actual device driver file. Rather, the device driver is associated with
the digital signature via a inf file.
The .inf file contains the instructions for installing the
device driver, and contains a "pointer" to the digital signature file (or .cat file). During the installation of the
driver, the operating system will read the contents of the .inf file, and then check the .cat file to which the .inf file points.
If the .cat file contains Microsoft's own digital signature, the operating system assumes the driver is good and continues
If there is no digital signature, or if the digital signature is not confirmed as a valid Microsoft signature, then the operating
system will either warn you of this situation or will prevent the driver from installing at all.
Controlling unsigned drivers
As a support professional, one of your responsibilities is to control how Windows 2000 reacts if an installation program attempts
to add unsigned drivers to the system.
To configure driver signing options:
Right-click My Computer and click Properties
Click Driver Signing on the Hardware tab
Select one of the options shown in the MouseOver below
Driver Signing Options
Identifying unsigned files
You can use file signature verification to identify unsigned files on your computer and specify verification options.
To use file signature verification, perform the steps shown in the following Simulation.
In the next lesson, you will learn how to create and activate a new hardware profile.