Section 2.2: Using Driver Signing

Some device drivers and some applications overwrite existing operating files as part of their installation process. These files can cause system errors that are difficult to troubleshoot. Microsoft has simplified the tracking and troubleshooting of altered files by digitally signing the original operating system files and allowing you to verify these signatures.

2.2.1: Configuring Driver Signing

You can configure how the computer responds to unsigned files on hardware tab of system. Here you can configure one of three responses:

• Ignore allows any files to be installed regardless of whether they are digital signature or not.

• Warn displays a warning message before allowing the installation of an unsigned file. This is the default option.

• Block prevents the installation of unsigned files.

Note: When you change the default Driver Signing option, you must select the Apply setting as system default check box in the Driver Signing Options dialog box. This will make the new settings the default system setting. If you do not select the Apply setting as system default check box, the settings will revert to the old setting when the computer is next rebooted.
2.2.2: The File Signature Verification Utility

Windows Server 2003 also provides a File Signature Verification utility, sigverif, that allows you to view the file's name, its location, its modification date, its type, and its version number.