Plug and Play and Internet Communication

Applies To: Windows Server 2003 with SP1

This section provides information about:

  • The benefits of Plug and Play

  • How Plug and Play communicates with sites on the Internet

  • How to control Plug and Play to prevent the flow of information to and from the Internet

Benefits and Purposes of Plug and Play

Windows Plug and Play simplifies installing devices on computers in your network. You can plug in a Plug and Play device and Windows does the rest: it searches locally for the driver, prompts to find out whether to also search Windows Update, installs the driver, updates the system, and allocates resources. After you install a Plug and Play device, the driver is configured and loaded dynamically, typically without requiring user input.

Plug and Play in Microsoft Windows Server 2003 with Service Pack 1 (SP1) provides the following functionality:

  • Detects a Plug and Play device and determines its hardware resource requirements and device identification number (Plug and Play ID).

  • Locates an appropriate device driver for newly installed devices.

  • Allocates hardware resources.

  • Dynamically loads, initializes, and unloads drivers.

  • Notifies other drivers and applications when a new device is available.

  • In conjunction with power management, handles stop and start processes for devices during hibernation, standby, and startup and shutdown operations.

  • Supports a wide range of device types.

To install devices using the hardware wizards, you must be logged on as an administrator or a member of the Administrators group. You can then use the hardware wizards, such as the Hardware Update Wizard, to search the Windows Update site for device drivers. All drivers obtained through Windows Update are signed by Windows Hardware Quality Labs (WHQL). WHQL provides compatibility testing services to test hardware and drivers for Windows operating systems.

Note

Some buses, such as Peripheral Component Interconnect (PCI) and universal serial bus (USB), take full advantage of Plug and Play. Older buses, such as Industry Standard Architecture (ISA), do not take full advantage of Plug and Play, and require more user interaction to ensure that devices are correctly installed.

The Windows Update site is located at:

https://windowsupdate.microsoft.com/

Overview: Using Plug and Play in a Managed Environment

The Plug and Play feature is built into Windows Server 2003 and is always available. When a person who is logged on as an administrator installs a Plug and Play device, Windows Server 2003 first searches locally for an appropriate device driver. If the computer is connected to the Internet, Windows Server 2003 with SP1 prompts the person to find out whether to also search Windows Update for the latest device driver.

As an IT administrator in a highly managed network environment, you may want to control whether Windows Server 2003 with SP1 will search the Windows Update Web site for the latest device driver, and if so, whether the person installing or updating the device will be prompted before the Internet search begins. You can control these things through Group Policy.

There are also policy settings you can use to disable any access to Windows Update. If you do prevent access to Windows Update, you have the option of manually downloading the updates from the Windows Update Catalog and distributing them on your organization's network as needed.

Using Group Policy to disable access to Windows Update, and to configure driver search locations, is described in "Controlling Automatic Device Updating to Prevent the Flow of Information to and from the Internet," later in this section.

How Plug and Play Communicates with Sites on the Internet

When a person logged on as an administrator installs new hardware, or updates the driver for existing hardware, Windows Server 2003 with SP1 will by default display a prompt to find out whether to search Windows Update for the latest device driver. If the person installing or updating the device consents to the Internet search, the interaction takes place as follows:

  • Specific information sent or received: The Code Download Manager (CDM) calls Windows Update to find and download device drivers. The CDM also calls Help and Support Center, which logs Plug and Play IDs for devices that Microsoft does not have drivers for. Neither of these communications is under the direct control of Plug and Play. The CDM handles all of the communication between the computer and Windows Update. None of the communication between the computer and the Internet uniquely identifies the user.

  • Default setting: Plug and Play is always available, and by default will prompt the person installing a device to find out whether to search the Windows Update Web site for the latest device driver.

  • Trigger and user notification: When an administrator adds hardware or updates a driver on a computer, and the computer is connected to the Internet, by default, Windows Server 2003 with SP1 prompts to find out whether to search Windows Update for driver updates. The search is conducted if the administrator consents.

  • Logging: If you use a Plug and Play driver with a device that is not Plug and Play, any associated issues or problems are recorded in the event log.

  • Encryption: Data transfer is based on interaction with Windows Update. The data is transferred using HTTPS.

  • Transmission protocol and ports: The transmission protocols and ports are HTTP 80 and HTTPS 443.

  • Ability to disable: Plug and Play cannot be disabled, because system instability would result. You can disable access to Windows Update using Group Policy.

Controlling Automatic Device Updating to Prevent the Flow of Information to and from the Internet

Windows will automatically update device drivers using Plug and Play, and it will even search for compatible drivers for devices that are not Plug and Play. You therefore may want to exercise various levels of control over the ability of someone who logs on as an administrator to install new hardware and to update hardware devices and drivers.

You can use Group Policy to:

  • Control whether Windows Update is included when Plug and Play searches for a device driver.

    This procedure is presented in the next subsection.

  • Suppress the prompt that by default is displayed before Plug and Play begins searching the Windows Update Web site for a device driver. This setting only has an effect if you also use a setting to specify that Plug and Play will search the Windows Update Web site for device drivers.

    This procedure is presented in the next subsection.

  • Turn off all access to Windows Update.

    If you turn off all access to Windows Update, it also means Plug and Play cannot search Windows Update. For more information about controlling access to Windows Update and for alternative approaches to updating such as Software Update Services, see the Windows Update, Automatic Updates, and Internet Communication section in this white paper.
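One way to confirm from the network side that servers with all access to Windows Update turned off really stay away from the site is to scan proxy logs for the host and ports named in this section. The following is an added example, not code from this white paper; the five-field log format, the server names, and the function names are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Host and ports are the ones this section names; extend the set as needed.
WU_HOSTS = {"windowsupdate.microsoft.com"}
WU_PORTS = {80, 443}

# Constructed sample in an assumed format: time client method target status
SAMPLE_LOG = """\
2005-06-01T09:14:02 SRV-FILE01 CONNECT windowsupdate.microsoft.com:443 200
2005-06-01T09:14:40 SRV-WEB02 GET http://windowsupdate.microsoft.com/ 200
2005-06-01T09:15:11 SRV-DB03 CONNECT windowsupdate.microsoft.com:443 403
2005-06-01T09:16:27 SRV-DB03 GET http://intranet.example/drivers/ 200
2005-06-01T09:17:03 SRV-FILE01 GET http://windowsupdate.microsoft.com.example/ 200
truncated line
"""


def parse_target(method, target):
    """Return (host, port) from a CONNECT host:port or an absolute URL."""
    if method.upper() == "CONNECT":
        host, _, port = target.rpartition(":")
        return host.lower(), int(port)
    url = urlsplit(target)
    port = url.port or (443 if url.scheme == "https" else 80)
    return (url.hostname or "").lower(), port


def find_violations(log_text, restricted_clients):
    """List Windows Update requests from clients that should make none."""
    restricted = {c.upper() for c in restricted_clients}
    hits = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue  # not in the assumed format
        when, client, method, target, status = fields
        try:
            host, port = parse_target(method, target)
        except ValueError:
            continue  # unparsable port
        # Exact host match, so look-alike names are not counted.
        if client.upper() in restricted and host in WU_HOSTS and port in WU_PORTS:
            hits.append({"time": when, "client": client, "port": port,
                         "completed": status.startswith("2")})
    return hits


if __name__ == "__main__":
    for hit in find_violations(SAMPLE_LOG, {"SRV-FILE01", "SRV-DB03"}):
        print(hit)
```

A hit whose completed value is False means the proxy blocked the request but the server still attempted it, which suggests the policy setting has not taken effect on that server.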

Procedure for Controlling Where Plug and Play Searches for Drivers

When you install new hardware, Windows Server 2003 can potentially search four different locations for drivers in the following order: the hard drive, the floppy drive, the CD drive, and Windows Update. The default approach for Windows Server 2003 with SP1 is to search the first three locations, and then prompt you to find out whether to also search Windows Update. However, you can configure the driver search locations to remove selected locations.

This subsection includes procedures for configuring the following Group Policy settings:

  • A setting that controls where Plug and Play searches for device drivers.

  • A setting that specifically controls whether Plug and Play searches Windows Update for drivers. This setting is one in a collection of settings that control how various components communicate with the Internet.

  • A setting that suppresses the prompt that by default is displayed before Plug and Play begins searching the Windows Update Web site for a device driver. This setting only has an effect if you also use a setting to specify that Plug and Play will search the Windows Update Web site for device drivers.

For additional procedures to configure policy settings for Windows Update, see the section Windows Update, Automatic Updates, and Internet Communication in this white paper.

To Specify Driver Search Locations for Plug and Play Devices

  1. As needed, see Appendix B: Resources for Learning About Group Policy, and then edit an appropriate GPO.

  2. Click User Configuration, click Administrative Templates, and then click System.

  3. In the details pane, double-click Configure driver search locations, and then click Enabled.

  4. Select or clear check boxes to prevent or allow searching of floppy disk drives, CD-ROM drives, or Windows Update.

To Disable Windows Update as a Driver Search Location

  1. See Appendix B: Resources for Learning About Group Policy, for information about using Group Policy. Ensure that your Administrative templates have been updated, and then edit an appropriate GPO.

  2. Click Computer Configuration, click Administrative Templates, click System, click Internet Communication Management, and then click Internet Communication settings.

  3. In the details pane, double-click Turn off Windows Update device driver searching, and then click Enabled.

    Important

    You can also restrict Internet access for this and a number of other components by applying the Restrict Internet communication policy setting, which is located in Computer Configuration/Administrative Templates/System/Internet Communication Management. For more information about this Group Policy and the policies that it controls, see Appendix C: Group Policy Settings Listed Under the Internet Communication Management Key.

To Suppress the Prompt That is Displayed Before Windows Update is Searched for a Device Driver

  1. See Appendix B: Resources for Learning About Group Policy, for information about using Group Policy. Ensure that your Administrative templates have been updated, and then edit an appropriate GPO.

  2. If you want the policy setting to apply to all users of a computer and to come into effect when the computer starts or when Group Policy is refreshed, click Computer Configuration. If you want the policy setting to apply to users and to come into effect when users log on or when Group Policy is refreshed, click User Configuration.

  3. Click Administrative Templates and then click System.

  4. In the details pane, double-click Turn off Windows Update device driver search prompt, and then click Enabled.

This setting only has an effect if you also use a setting to specify that Plug and Play will search the Windows Update Web site for device drivers.

For more information about Windows Update, see the Windows Update Web site at:

https://windowsupdate.microsoft.com/