As surely many of you will already know firsthand, Windows 10 it is an operating system that has several different security features. Some are quite obvious, like the warnings we receive when we run an unsigned file. The same happens when Windows Defender blocks the execution of a potentially dangerous or malicious executable file. In addition to these two security features that we know so much about, there are many less known ones that keep the system safe.
This is precisely what we are going to talk about in the next few lines. Specifically, we refer to a section as important as the signature of the drivers that are part of the operating system.
What is driver signing in Windows
First of all we will tell you that the signature of the drivers in Windows is very similar to what happens with signed applications. To give us an idea, a signature on a file verifies that the running application is secure. At the same time it indicates that it is approved by the program developer and by Microsoft. On the other hand we will say that the two-level approval means that the manufacturer has published the drivers for a specific software and operating system.
In turn, it also means that they have Microsoft’s own seal of approval. These are delivered through the operating system to make it easier for users to obtain them and also for Microsoft to distribute. Although this function is very interesting, it can sometimes cause certain problems. For example when drivers are installed that are not digitally signed and there is no signed alternative available.
Also unfortunately install drivers that are not signed is much more difficult than installing applications that are not signed. We can’t just click the Allow Execution option that we find with unsigned programs to get it going. Instead what we do is disable the driver signature security feature to install the desired driver.
Start without drivers signing feature
It is also worth knowing that a temporary solution is this one that we will talk about below. Specifically, we refer to the possibility of starting the desktop with the driver signing function disabled. This will allow us to install the driver that we need and that is not digitally signed. Of course, when we restart the system, the functionality will be activated again automatically.
For this that we are commenting on, we will have to start Windows in safe mode. We do this by accessing the start menu and clicking the power button but keeping the Shift key pressed and clicking Restart. Now when I come back to boot the pc we will see the one to Troubleshoot. Next, we go to Advanced Settings and select Startup Settings.
Here we can see the option called Disable the mandatory use of signed drivers. Therefore we will only have to click on Restart.
Disable driver signing in Group Policy
We can also make use of this other solution, although only those who have Windows 10 Pro. This is basically because in this case we are going to use the group policy editor. This is one functionality which is not available in Windows 10 Home. For this that we tell you, we press the keyboard shortcut Win + R to open the Run box. In it we introduce the gpedit.msc command to open the window that interests us in this case.
We go to User Configuration / Administrative Templates / System / Driver Installation. Here we locate and double-click Code Signing for Device Drivers. In the window that opens we will only have to click on Disable and restart the system.
Run Windows 10 in Test Mode
Windows 10 has a startup mode that is intended for when you have applications or drivers that are not signed. This is called Test Mode and we are going to show you how you can run it. The first thing is to open a Command Prompt window with administrator permissions. Here we execute the following command:
bcdedit /set TESTSIGNING OFF
Then we reboot the system and install the unsigned driver that we want to use. When we are done, we open the Command Prompt window again with administrator permissions. Now what we will do is run the following command to return to normal Windows 10 mode:
bcdedit /set TESTSIGNING ON
Disable driver signing feature forever
The first thing to know here is that this step should be used with caution. We say this because permanently disabling a security feature in any operating system is usually not a good idea. Having said that, if it is the only solution, we will tell you how you can achieve it.
The first thing will be to open a window of the symbol of the system with administrator rights as we saw previously. Next we run the following command to permanently disable the driver signature security feature:
bcdedit.exe /set nointegritychecks on
We only have to restart the computer and install the drivers that are not signed but that we need. Later, if we want to reactivate this security function of the driver signature, we use the following command:
bcdedit.exe /set nointegritychecks off
In fact, as we mentioned before, it is not advisable to deactivate some of the functions of windows security. For this reason, if we choose to use this last method, it is recommended that once we have installed the drivers without signature, we start the integrated functionality again. This will help us to work with a more reliable and secure operating system.
Keep in mind that the software giant Microsoft implements these security functions from the outset, which we are talking about for a reason. That is, they are integrated to protect our data and applications from external malicious factors.