Section 2.3: Using Driver Signing

Some device drivers and some applications overwrite existing operating files as part of their installation process. These files can cause system errors that are difficult to troubleshoot. Microsoft has greatly simplified the tracking and troubleshooting of altered files by digitally signing the original operating system files and allowing you to verify these signatures.

2.3.1: Configuring Driver Signing

You can configure how the computer responds to unsigned files on HARDWARE tab of SYSTEM. Here you can configure one of three responses:

  • Ignore allows any files to be installed regardless of whether they are digital signature or not.
  • Warn displays a warning message before allowing the installation of an unsigned file. This is the default option.
  • Block prevents the installation of unsigned files.

Note: Once you have set altered the Driver Signing setting, you must set it as the default setting or the setting will revert to the previous default setting on the next system reboot. To set the new settings as the default setting, select the MAKE THIS ACTION THE SYSTEM DEFAULT check box on the Driver Signing Options dialog box.

2.3.2: System File Checker

Windows XP Professional also has a System File Checker (SFC), which is a command-line tool that you can use to check the digital signature of files. SFC can be used from a command prompt. The syntax of the SFC tool is:

Sfc [/scannow] [/scanonce] [/scanboot] [/revert] [/purgecache] [/cachesize=x]

Table 2.1: System File Checker Optional Command-line Switches

Switch Description
/scannow Used to perform an immediate scan of all protected system files
/scanonce Used to perform a scan of all protected system files only on the next system reboot
/scanboot Used to perform a scan of all protected system files every time the system reboots
/revert Causes the SFC settings to be returned to the default settings
/purgecache Purges the file cache
/cachesize=x Sets the file cache size

2.3.3: The File Signature Verification Utility

Windows XP Professional also has a File Signature Verification utility, sigverif, that allows you to view the file's name, its location, its modification date, its type, and its version number.

2.3.4: Device Diver Rollback

In addition to protecting you from driver-related trouble by warning you when you try to install an unsigned driver that has not been certified as compatible with Windows XP, Windows XP Professional also allows you to uninstall an updated driver and restore the previously installed version of the driver. This can be done in Safe Mode, if necessary. In other words, if you experience system problems after updating a device driver, you can roll back to the previous instaled version of the driver.

To roll back a driver:

  • Click on the start button
  • Click on CONTROL PANEL
  • Open SYSTEM
  • Click on the hardware tab
  • Click on DEVICE MANAGER.
  • Expand the hardware category to which the device driver belongs
  • Right-click the device driver
  • On the Device Properties dialog box, click on the driver tab
  • In the dialog box, click yes
  • Click OK

If no backed-up driver is available, then Driver Rollback is not available for the selected device. This could be because the device driver was not updated or the previous version of the device driver was inactive or dysfunctional. Windows XP Professional only backs up device drivers that are active and functional. Also, when you roll back to an unsigned device driver, Windows XP Professional will prompt you before overwriting the newer driver. Windows XP Professional will not you prompt when you roll back to a signed device driver.

Note: Driver Rollback is not available for Printers because the drivers are not configured through Device Manager; they are configured through the Printers and Faxes folder.