Vista x64 Driver Signature Enforcement

I'm looking to disable the mandatory driver signature enforcement in Vista x64 Ultimate.  I have partially gotten that to work, but there still some that occasionally refuse to install simply because they are unsigned.  I'm not looking for a security lesson or "It's not a good idea" as I am aware of the intention of the "feature" and the possible consequences of unsigned drivers...that being said, I've tried disabling it in gpedit by:

1) User Configuration -> Administrative Templates -> System -> Driver Installation
enabling the "Code signing for drivers"
and then choosing "Ignore"
2) bcdedit /set loadoptions DDISABLE_INTEGRITY_CHECKS
3) bcdedit.exe /set nointegritychecks ON

While these methods do allow me to install many unsigned drivers, some still are blocked.

For responses to this question, I'm only looking for alternate methods that you have successfully used.  Thanks.
LVL 1
source2k3Asked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Ric TuteroCommented:
boot to advanced startup options (F8 on POST, just like XP, i believe) & there is a direct command to disable driver signature enforcement (on the bottom of the screen). Never did the steps you enumerated but after i chose to disable in the advanced startup on my system, the entire "feature" or any signs of it ceased to exist.
0
and235100Commented:
Using davybrator7's method:

"An F8 boot option introduced with Windows Vista—“Disable Driver Signature Enforcement”—is available to disable the kernel-signing enforcement only for the current boot session. This setting does not persist across boot sessions."

However, my solution will persist across restarts.
0
Cloud Class® Course: Certified Penetration Testing

This CPTE Certified Penetration Testing Engineer course covers everything you need to know about becoming a Certified Penetration Testing Engineer. Career Path: Professional roles include Ethical Hackers, Security Consultants, System Administrators, and Chief Security Officers.

source2k3Author Commented:
davybrator7,
That is a 1 time boot, it doesn't disable the enforcement, it just allows you to boot into windows to fix bad drivers.

and235100,
Did you even read my post?  
1) You linked to one of the methods in my original post, which stopped working in beta.

Anyone else?
0
and235100Commented:
The point being - the actual amount of existing, fully tested x64 Vista drivers is very small.

Microsoft have purposely gone out of their way to prevent you from using unsigned drivers - hence, you will need to find signed drivers!
0
source2k3Author Commented:
As I said, I'm not looking for discussion about the importance of signed drivers or security, I'm looking for working methods to turn off driver signature enforcement, other than the methods, I myself already posted.
0
and235100Commented:
Look here:

http://technet.microsoft.com/en-us/windowsvista/aa905109.aspx

What about signing the drivers for yourself - rather than trying to disable the need for signing?
0
source2k3Author Commented:
and235100,
I'm now convinced that you're not only not reading my posts, but not reading the information in the links you're posting.  I clearly said I'm running the x64 version of Vista Ultimate.  64 bit versions of Vista require drivers to have an SPC (software publishing certificate) from a CA that issues digital certificates.  This means that if you want to use a kernel level driver, you have to obtain an SPC from one of approximately 6 companies outside microsoft that can issue them.  That being said, you cannot sign your own drivers without an SPC on Vista x64.  If you had read what you linked me you'd see it is even stated in the article that the self-signing is only for 32 bit versions of vista.
With all due respect, please stop responding to my question as you clearly don't have an answer for me.  In fact, I should be given points for taking the time to read your posts and then for educating you.  
0
and235100Commented:
I was only pointing out possibilites - this is (obviously) not my specialist subject.

I see that no one else has responded more than once - possibly because you are rude and asking something that is impossible.

As you can see from my question history - I have helped a lot of people in the past - perhaps you should work on that before you make unnecessary comments like:

"I should be given points for taking the time to read your posts and then for educating you."

0
FeyakGoraleCommented:
Okay I just want to say this is a very tough question and it should be able to be done, and this is a rudimentary suggestion but did you try disableing UAC, at least during the driver installation, all things security should be disabled by doing this.

and just as a security thing for others who may read this, UAC should not be perminately disabled. and as I know the person who asked this question knows this, others may not

I will keep looking into this myself and let us know what the result was
0
FeyakGoraleCommented:
another item that I just found:

Cryptographic Services

this is listed under the vista services, this of course, as the name implys manages cryptography, and from a website previously provided there is a part of signed drivers that is encrypted, disableing this will yeild one of three results, the system won't boot, no drivers will install since it can't check the "thumb print", or all drivers will be able to be installed.

Try this at your own risk, and if you do try this let me know what the results are

A more advanced description of the service as to a website that I checked:

Provides four management services: Catalog Database Service, which confirms the signatures of Windows files; Protected Root Service, which adds and removes Trusted Root Certification Authority certificates from this computer; Automatic Root Certificate Update Service, which retrieves root certificates from Windows Update; and Key Service, which helps enroll this computer for certificates. If this service is stopped, these management services will not function properly.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
FeyakGoraleCommented:
some more information for the Cryptographic Service: an effect of disableing the service: Security will decrease since there will be nothing to verify that the driver you are downloading is trustworthy or safe.

So this may be your best option, but a side note that I found is that you will not be able to run updates, either auto nor manual while this service is disabled, but you can reenable it when you need to or just disable it for drivers. it would be up to you, but since it was not programed to run in a degraded mode, this is probably your best option
0
source2k3Author Commented:
I stopped the Crypto service, disabled it and rebooted.  No problems encountered.  I couldn't think of any unsigned drivers I wanted to try at the moment, so I just attempted to install the program AnyDVD, which installs a driver that intercepts cd/dvd rom autoplay, etc.  The program quickly installed successfully, so honestly I'm not sure if disabling that service would help to bypass driver signing enforcement, but I can't say that it doesn't help and honestly am getting tired of this thread, so I accepted your post and gave you the points. :)

Have a good day.
0
and235100Commented:
@ source2k3

For future reference, please read all the information here:
http://www.experts-exchange.com/help.jsp

Especially this section:
http://www.experts-exchange.com/help.jsp#hs5
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows OS

From novice to tech pro — start learning today.