Plug and Play
This section provides information about:
The benefits of Plug and Play
How Plug and Play communicates with sites on the Internet
How to control Plug and Play to prevent the flow of information to and from the Internet
On This Page
Benefits and Purposes of Plug and Play
Overview: Using Plug and Play in a managed environment
How Plug and Play Communicates with Sites on the Internet
Controlling Automatic Device Updating to Prevent the Flow of Information to and from the Internet
Procedure for Controlling Where Plug and Play Searches for Drivers
Related Links
Benefits and Purposes of Plug and Play
Windows Plug and Play provides ease of support for installing devices on computers in your network. You can simply plug in a Plug and Play device and Windows does the rest by installing any necessary drivers, updating the system, and allocating resources. After you install a Plug and Play device, the driver is configured and loaded dynamically, typically without requiring user input.
Plug and Play in Microsoft Windows XP Professional with Service Pack 1 (SP1) provides the following functionality:
Detects a Plug and Play device and determines its hardware resource requirements and device identification number (Plug and Play ID).
Locates an appropriate device driver for newly installed devices.
Allocates hardware resources.
Dynamically loads, initializes, and unloads drivers.
Notifies other drivers and applications when a new device is available.
In conjunction with power management, handles stop and start processes for devices during hibernation, standby, and startup and shutdown operations.
Supports a wide range of device types.
In order to install devices using the hardware wizards, you must be logged on as an administrator or a member of the Administrators group. You can then use the hardware wizards, such as the Hardware Update Wizard, to search the Windows Update site for device drivers. All drivers obtained through Windows Update are signed by Windows Hardware Quality Labs (WHQL). The WHQL provides compatibility testing services to test hardware and drivers for Windows operating systems.
Note Some buses, such as Peripheral Component Interconnect (PCI) and universal serial bus (USB), take full advantage of Plug and Play. Older buses, such as Industry Standard Architecture (ISA), do not take full advantage of Plug and Play, and require more user interaction to ensure that devices are correctly installed.
The Windows Update site is located at:
https://windowsupdate.microsoft.com/
Overview: Using Plug and Play in a managed environment
The Plug and Play feature is enabled by default in Windows XP. When a person who is logged on as an administrator installs a Plug and Play device, and there is a connection to the Internet, Windows XP automatically accesses Windows Update to search for a device driver. Windows XP will, however, only access and use drivers signed by Microsoft Corporation. The same support is provided when an administrator uses the Found New Hardware and Hardware Update wizards.
As an IT administrator in a highly managed network environment, you want to control the ability of users and administrators to install new hardware and to thereby access the Internet automatically when Windows XP searches for device drivers. For a more secure environment you can prevent users and administrators from installing hardware devices, or you can limit their ability to do so with Group Policy.
There are also policy settings you can use to disable Windows Update for all users, including other administrators. If you do prevent certain administrators from automatically accessing Windows Update, there is the option for manually downloading the updates from the Windows Update Catalog, whereby they can be distributed on your organization's network as needed.
Using Group Policy to disable access to Windows Update and configure driver search locations is described in the subsection "Controlling Automatic Device Updating to Prevent the Flow of Information to and from the Internet."
How Plug and Play Communicates with Sites on the Internet
There are several instances when a computer running Windows XP will access the Internet as part of Plug and Play:
When Plug and Play searches for a driver for newly installed hardware
When an administrator updates the driver for existing hardware
When a person logged on as an administrator connects a new hardware device and there is no driver available on the computer, Windows XP will use the Windows Update service to search for available drivers on the Windows Update site. If an appropriate driver is found on the Windows Update site, Windows XP copies it and installs it on your computer. If your computer is not connected to the Internet, Windows XP displays a message prompting you to connect to the Internet.
As part of Plug and Play, when Windows XP searches for a device driver, interaction with the Internet takes place as follows:
Specific information sent or received: The Code Download Manager (CDM) calls Windows Update to find and download device drivers. The CDM also calls Help and Support Center, which logs Plug and Play IDs for devices that Microsoft does not have drivers for. Neither of these communications is under the direct control of Plug and Play. The CDM handles all of the communication between the computer and Windows Update. None of the communication between the computer and the Internet uniquely identifies the user.
Default setting: In Windows XP with SP1, Plug and Play is enabled by default and will search for drivers on the Internet by default. Plug and Play cannot be disabled as system instability would result. However, you can configure Plug and Play so it does not search the Internet for drivers.
Trigger and user notification: When an administrator adds hardware or updates a driver on a computer, and the computer is connected to the Internet, by default, Windows XP with SP1 searches Windows Update for driver updates and does not notify the administrator.
Logging: If you use a Plug and Play driver with a device that is not Plug and Play, any associated issues or problems are recorded in the event log.
Encryption: Data transfer is based on interaction with Windows Update. The data is transferred using HTTPS.
Transmission protocol and ports: The transmission protocols and ports are HTTP 80 and HTTPS 443.
Ability to disable: Plug and Play cannot be disabled as system instability would result. However, you can configure Plug and Play so it does not search the Internet for drivers.
Controlling Automatic Device Updating to Prevent the Flow of Information to and from the Internet
Windows will automatically update device drivers using Plug and Play, and it will even search for compatible drivers for devices that are not Plug and Play. You therefore may want to exercise various levels of control over the ability of someone who logs on to a client computer as an administrator to install new hardware and to update hardware devices and drivers. You can use Group Policy to:
Control whether Windows Update is included when Plug and Play searches for a device driver.
This procedure is presented in the next subsection.
Remove access to Windows Update.
When you enable the policy setting Remove access to use all Windows Update features, you block access to the Windows Update site from the Windows Update hyperlink on the Start menu and also on the Tools menu in Microsoft Internet Explorer. Windows automatic updating is also disabled; you will neither be notified about nor will you receive critical updates from Windows Update. This policy setting also prevents Device Manager from automatically installing driver updates from the Windows Update Web site.
The Windows Update site is located at:
For more information about policy settings related to Windows Update, see the section "Windows Update and Automatic Updates" in this white paper.
Procedure for Controlling Where Plug and Play Searches for Drivers
When you install new hardware, Windows XP can potentially search four different locations for drivers in the following order: the hard drive, the floppy drive, the CD drive, and Windows Update. The default approach is to search all four locations successively until the correct device driver is found. However, you can configure the driver search locations to remove selected locations.
Included here is the procedure for configuring the Group Policy setting Configure Driver Search Locations. For additional procedures to configure policy settings for Windows Update, see the section "Windows Update and Automatic Update" in this white paper.
To Specify Driver Search Locations for Plug and Play Devices
As needed, see Appendix B, "Learning About Group Policy and Updating Administrative Templates," and then edit an appropriate GPO.
Click User Configuration, click Administrative Templates, and then click System.
In the details pane, double-click Configure driver search locations, and then click Enabled.
Select or clear check boxes to prevent or allow searching of floppy disk drives, CD-ROM drives, or Windows Update.
Related Links
For more information about Windows Update, see the Windows Update Web site at: