Steps for Staging a Device Driver Package in the Driver Store
Applies To: Windows 7, Windows Server 2008 R2
Staging a device driver package in the driver store on the client computer ensures the smoothest user experience. After the signed driver package is in the driver store, Windows considers the package trusted. As long as you do not have a device installation restriction policy in effect for a specific device, the user can simply plug in the device and Windows silently installs the device driver.
Windows includes a tool called PnPUtil that you can use to manage the driver store, including adding driver packages, removing driver packages, and listing the driver packages that are in the store.
|You can only run the PnPUtil tool from a command prompt that is running with administrator permissions. The tool cannot invoke the User Account Control dialog box. If you attempt to use the PnPUtil tool to add or remove packages from a command prompt that is not running as administrator, the command will fail.|
Windows interrupts an attempt to install an improperly signed driver package.
At the x86 Free Build Environment command prompt with administrator permissions, temporarily rename the .cat file to effectively remove the signature from the driver package. You must be in the folder containing your device driver files (c:\toaster\device). Type the following command:
ren toaster.cat toaster.nosig
Attempt to stage the unsigned package. At the command prompt running with elevated permissions, type the command:
The Windows Security dialog box appears because the .inf file is not signed. Windows cannot match it against the certificates that are trusted by the computer.
Click Don't install this driver software.
The PnPUtil tool indicates that the staging operation failed:
Adding the driver package failed : A file could not be verified because it does not have an associated catalog signed via Authenticode(tm). Total attempted: 1 Number successfully imported: 0
Rename the catalog file back to its correct name. At the command prompt, type:
ren toaster.nosig toaster.cat
Windows will also interrupt an attempt to install a driver package that has been modified after it was signed. Because the signature includes thumbprints for each file, making a change to any of the files in the package causes the validity check for the signature to fail.
Save a copy of the correct toastpkg.inf file. At the command prompt type:
Copy toastpkg.inf toastpkg.orig
Modify toastpkg.inf so that its thumbprint is no longer valid. Open it in Notepad:
With the cursor at the very beginning of the file, press Enter to add a blank line, and then save your changes and close Notepad.
Attempt to stage the modified package. At the command prompt, type:
Because the package was modified after being signed, the Windows Security dialog box appears, warning you that Windows cannot verify the publisher, an indication that the signature is invalid. In this case it is invalid because one of the hashes included in the signature no longer matches the associated file.
Click Don't install this driver software.
Overwrite the modified .inf with the original. At the command prompt, type:
Copy /y toastpkg.orig toastpkg.inf
Attempt to stage the package. At the command prompt, type:
Because the signature attached to the package is valid, the files are unmodified, and the file thumbprints match the signature, Windows successfully stages the package, with no prompts. The output includes the published name with the OEM number that you can use to remove the driver package from the store later, if needed.
Make note of the number assigned to your package.
Microsoft PnP Utility Processing inf : toastpkg.inf Driver Package added successfully. Published name : oem2.inf Total attempted: 1 Number successfully imported: 1
Note The number assigned to your package might be different due to the number of driver packages that are already installed on your computer.
You can view the package in the store by running the PnPUtil tool with the -e (for 'enumerate') parameter.
At the command prompt, type:
Look for the package with your OEM## listed in the output. Make note of this number because you might need it later. You can also see the version number and date that you entered in the .inf file.
Published name : oem2.inf Driver package provider : Toast´R´Us Class : Unknown driver class Driver version and date : 05/01/2009 18.104.22.168 Signer name : MyCompany - for test use only
At this point, the driver package is now in the driver store. The driver package was staged by an account that has the required administrative rights, and Windows has checked the validity of the digital signature, so the device driver can be installed by a standard user by simply attaching the device.
|In this procedure, you run the Enum.exe tool as an administrator, even though Windows can install a device driver from the store as a standard user. The elevated permissions are required because of the simulation of the hardware in software, not because of the device driver installation process. If you follow these procedures with a real hardware device, using a vendor-provided device driver, you do not need to be logged on as an administrator when inserting the device.|
Log off, and then log on as DMI-Client1\TestUser.
Open a command prompt with administrator rights. Click Start and All Programs, and then click Accessories. Right-click Command Prompt, and then click Run as administrator.
On the User Account Control page, you are asked to specify an administrator account and its password. Select TestAdmin, enter its password, and then click Yes.
The command prompt opens.
Start Device Manager so you can view the installed device. At the command prompt with elevated permissions, type the following command:
Rearrange the windows so you can use the command prompt while still seeing the contents of Device Manager.
Change to the c:\toaster folder. At the command prompt, type the following command:
Run the Enum.exe tool, which simulates plugging in a Toaster device. At the command prompt, type:
Enum -p 1
After the device driver finishes installing, the device appears in Device Manager.
|Do not attempt to uninstall the device driver until instructed to do so in the following procedure.|