When any hardware device is attached to a computer its appropriate driver must also be installed in order to allow the device function properly. Almost all versions of Microsoft operating systems nowadays ship along with almost all mandatory device drivers which are integrated in the OS. These device drivers are considered trusted because they automatically get installed along with Windows installation and since Microsoft has approved them they are considered trusted and contain a digital code given by Microsoft that operating systems check and consider them as signed drivers.
Unsigned drivers, on the other hand, are the ones that have been developed by third-party vendors and do not contain digital signatures given by Microsoft. Microsoft Windows can be configured to respond appropriately if administrators try to install any such unsigned drivers.
In many cases even unsigned drivers work perfectly however they are not at all recommended by Microsoft. Microsoft recommends that administrators must install device drivers that are either developed by Microsoft itself or have its digital signature on them.
Administrators can configure Windows 8 computer to either install unsigned drivers or restrict their installation if they think security is a major concern.
Best Practices While Managing Signed and Unsigned Drivers
In production environments where security is an important issue it is strongly recommended that all device drivers that administrators install must be digitally signed and Windows 8 operating system must be configured to ignore the installation of any unsigned device driver.
In home environments where users install several applications and hardware devices, installation of unsigned drivers can be allowed as it is unlikely that all hardware vendors would go for Microsoft’s digital signatures for their device drivers.
How to Enable or Disable Installation of Unsigned Drivers?
Administrators must follow the steps below in order to enable or disable installation of unsigned drivers:
Log on to Windows 8 computer on which installation of unsigned drivers is to be managed.
Assuming that classic start menu has been enabled, go to Start > All Programs > Accessories and from the available list of applications right click Command Prompt.
From the context menu click Run as administrator and on the appeared User Account Control confirmation box click Yes to allow.
On the opened elevated command prompt type BCDEDIT –Set LoadOptions DDISABLE_INTEGRITY_CHECKS and press enter key.
Once the command successfully completes type BCDEDIT –Set TESTSIGNING ON.
Manage Driver Signing
In order to revert the changes back to their normal state repeat steps 4 and 5 but with the commands BCDEDIT –Set LoadOptions DDISABLE_INTEGRITY_CHECKS and BCDEDIT –Set TESTSIGNING ON respectively.
Restart the computer to allow the changes to take effect.