Digital signature of drivers: disable digital signature verification. Disabling the verification of digital signatures for drivers in Windows 7

When installing programs, applications or drivers, the user may have some problems with the publisher of these products. In some cases, you may receive a warning that the product does not have a digital signature, in others the program may not work at all because the operating system will block it. The way out of this situation may be to disable the verification of digital signatures from drivers in Windows 7. But before doing this, let's see what we are dealing with.

What it is

Despite the fact that disabling the digital signature verification of Windows 10 drivers (and any other OS) is a matter of five minutes, it is always necessary to know exactly why you are doing this.

When developing any software, the manufacturer puts a special label on it to protect its product from interference from third-party developers. After the signature, the product can not be changed without its destruction, which means that the absence of an EDS is a signal about the threat to the security of your PC. However, not all software without a signature is dangerous. Perhaps, it's just that the developer did not spend money on official signatures. So judge for yourself how useful is the digital signature of the drivers. Disabling the verification of the digital signature will only result in the fact that when installing the unknown software you will not be notified of this, and the OS will quietly allow the new process to work.

Security

Before you disable the digital signature verification drivers, make sure you understand what you are doing. There are many options for which you might need to do this. For example, you know exactly where the software came from and trust the publisher. Moreover, you are engaged in the development of programs and decided to test your offspring in "field" conditions. In this situation, blocking the check is the only true solution that a programmer can accept.

Or, say, you downloaded the game through the "Steam" service, and it does not start, and in the comments users recommend to prohibit the operating system to check the driver. But in this case, you can get the same thing as with the infamous Black Desert. Together with her, the program "Thor.exe" was installed on the computer, which heavily loaded the system and began to wind its traffic for bitkoyanov at your expense.

As you can see, the risks are not comparable at all. In any case, it's up to you whether to risk your system for the sake of installing questionable applications. In addition, if you do something wrong, as the instructions say, your system can suffer very severely. Be sure that you perform all the actions exactly as written.

Loading

Finally, we got to the basic information for which our article was written: "Digital signature of drivers: disabling digital signature verification". We'll start with the simplest version.

You can configure this option when selecting "special options" for booting the operating system. And this method works both on the "seven", and on all subsequent versions of the operating systems.

• To use this tip in Windows 7, when you start the PC, press F8. After that, a menu will appear in which you can select the item "Disable mandatory driver signature verification".
• Everything is slightly more complicated when we talk about Windows 8. Open the right "drop-down" panel and select "Options". After that, go to "Change ...". The following pass-through menu appears. In the "Update and Restore" section, select the second option and specify the specific options. After that, reboot. As a result, another window opens before you. We pass to "Diagnostics", and then to "Parameters ...". Click "Restart" and select the required option.
• With the "ten" everything is the same as the previous version.

As you can see, the digital signatures in Windows 7 are disabled most simply in this case. However, there are more common options that are suitable for most operating systems. It is also worth noting that this method is good only if you need to install drivers. It is likely that with the next normal boot of the operating system, they may stop working.

Administration

It is worth mentioning immediately. In Windows 10 Basic, this feature is not available, but it works great in the Pro version. In earlier operating systems, this method also works without any problems.

To use this function, we need to start the Group Policy Editor. To do this, open the "Start" menu. At the bottom of the opened screen there is a search field. In it you need to enter gpedit.msc. In addition, there is another way to start this service. Press the Win + R key combination. In the dialog box that opens, also enter the command.

After entering, the Group Policy Management menu appears before you. In the left half of the window, go to the "tree" of the folders in the following way. First, find the "User Configuration". In it, open the "Administrative Templates". After that you need to go to "System", and afterwards to "Install the driver".

At the end of the "path", three items appear in the right window, one of which is the "Digital signature of drivers" that we are looking for. The digital signature is disabled from the internal menu. Click twice on the desired item, and the corresponding window will appear. After that, you have two options:

1. In the drop-down list, simply select "Disconnect". After that, this function will stop working at all and will resume its activity only after you do the same operation anew.
2. Leave the item "Enable" selected, but just below, in the action options, specify "Skip unsigned drivers".

Command line

The next option how to disable the digital signature verification driver in Windows is hidden in the ability to handle the command line. This method is preferable if you have the ability to start the console, but the shell itself works with difficulty.

There are two sets of commands that you need to enter in order for this method to work. In this case, always include the command line in the administration mode. So, here's what you'll have to enter.

1. For both cases, you will need the bcdedit.exe command. Otherwise, only the additional parameters set by the -set tag will differ. After you have all registered, specify the option nointegritychecks ON. This is important: you must "include" this parameter, because it is responsible for disabling the signature verification. If you need to get everything back, just write the same command, only with the OFF parameter.
2. The second option will require you to register the team twice. Only as parameters it will be necessary to first set loadoptions DISABLE_INTEGRITY_CHECKS, and then TESTSIGNING ON. After entering each operation, you should receive a message stating that the operation was successful.

Forgery

If you are interfered with by the digital signature of drivers, disabling the verification of a digital signature is not the only possible option. You can always try to sign the driver yourself. So to say, to forge the signature so that the operating system would consider them real. However, this method works only on the "Seven". In later operating systems, this feature is not available.

In short, this method will contain three steps:

1. Create a certificate.
2. Add it to the repository of trusted publishers and certification authorities.
3. Sign the driver.

In general, the procedure is rather complicated and illegal, so we will not seriously consider it here. And if you install the ready-made software, this method will not help us, since it is dangerous for the integrity of the program and its performance to invade the compiled and configured other's files.

Summary

Today we have considered many different ways to achieve the task set before us, which can be used by anyone, even the most illiterate user. The only thing, several times well think how much you are beneficial to expose your computer to the risk, and how justified is the desire, for example, to play a computer toy, then to lose a lot of personal data from the computer due to the fact that the digital signature of the drivers is not verified. Disabling of digital signature verification should be performed only in extreme cases.

As an additional recommendation, you should advise the following. After you finish all operations with unsigned drivers, return all settings to the location. You never know when this or that service might be useful.