Windows 10 driver signature disabling program. Disable driver digital signature verification

Sometimes it is vital for us to install an unsigned device driver - for example, a favorite printer or scanner. But we cannot do this, because the operating system on the computer is too smart and does not allow us to do something as stupid as installing ancient “firewood” from an unknown source. Is there really no way to defeat an overly smart OS? Nothing like this! There are at least two ways to do this.

Disable driver digital signature verification in UEFI

The first thing to note is that this guide will only work if your computer is running UEFI and not an older BIOS. Typically, UEFI is installed if you purchased your computer with Windows 8 or 10, or if the PC itself was released after 2012.

So, first launch UEFI. This is quite easy to do. After logging into the operating system, you need to click on the notification icon and select “All settings”. After this, in the settings you should open the “Update and Security” > “Recovery” item.

If UEFI opened in a blue design, select Troubleshoot. Under Advanced Options you will find Boot Options. This button will display all available launch options.

Use the key to select the "Disable driver signature verification" option. After this, you can install the unsigned driver.

Disable driver digital signature verification from the OS

For those who are afraid to get into the motherboard settings, there is another way to disable driver signature verification from the system itself. To do this, press the and [X] keys simultaneously - a small menu will open in the lower right corner of the screen.

Select the "Run (administrator)" option and confirm the request by clicking "Yes".

In a new command prompt window, enter the command “BCDEDIT -Set LoadOptions DDISABLE_INTEGRITY_CHECKS” without the quotes and confirm with .
Then enter the command "BCDEDIT -SET TESTSIGNING ON" and confirm again with .

In a new command prompt window, enter the command “BCDEDIT -Set LoadOptions DDISABLE_INTEGRITY_CHECKS” without quotes and confirm with Now you can install unsigned drivers under Windows 10. However, a caveat: if the instructions do not work, add two forward slashes to the “–”, or two slashes, -“/”.

Disabling this option is possible through the command “BCDEDIT –Set LoadOptions EENABLE_INTEGRITY_CHECKS” > “BCDEDIT –Set TESTSIGNING OFF”.

As a rule, disabling driver signature verification in Windows 10 is necessary when the downloaded device driver does not have a digital signature confirming the security of the program. Driver signing ensures that the file comes from a trusted source and is not a virus.

Installing drivers without a digital signature is not always safe, but there are situations when this is the only way. For example, the driver may simply not have been tested for compatibility with your version of Windows. This article will teach you how to disable driver signing in Windows 10.

Disabling Windows 10 Driver Signature Verification One Time

This method allows you to disable driver signature verification one-time, until the next computer restart. That is, we disabled the verification, installed the driver, rebooted Windows and that’s it, the signature verification service works again.

Click on the Start menu and go to Windows Settings (gear icon).

Go to the "Update and Security" section.

Go to the “Recovery” tab and in the “Special boot options” section, click “Restart now”.

Next, go to the “Download Options” item.

A menu will open with a choice of boot options for Windows 10. Click on the “Disable mandatory driver signature verification” item.

You can either click on this item or simply press the F7 key on your keyboard. After this, Windows 10 will boot without checking driver signatures, and you can safely install it. The next time you boot your computer, signature verification will work again.

Disable Windows 10 Driver Signature Verification Permanently

If there are three solutions, how can you disable driver signature verification forever.

Disable via Group Policy.

Disabling signature verification through the Group Policy Editor is only possible in Windows 10 Professional. If you have a home version, then the method described in the next chapter of this article will suit you.

Launch the Windows 10 Local Group Policy Editor. To do this, right-click on the Start menu and left-click on “Run”. Or just press the Win+R key combination.

Write gpedit.msc in the window that opens and press OK or Enter.

In the Group Policy editor that opens, go to the following registry branches: “User Configuration” - “Administrative Templates” - “System” - “Driver Installation”. Double-click on the line on the right “Digital signature of device drivers”.

In this setting, you can choose two options in which you will solve your problem with driver signature verification. By default, the setting is “not configured”. If you enable the setting, then select the “skip” subsetting. In this case, if Windows detects a driver file without a digital signature, it will still allow you to install it. You can also explicitly select “disabled” and in this state the check will be disabled in principle.

Once you have changed the settings click “Apply” and “OK”. After restarting the computer, driver signature verification will not be performed. If you need to return driver signature verification again, you will have to return to this menu and select the setting status “enabled” and “block”.

Disabling via command line

Disabling driver signature verification via the command line has a limitation. This feature is only available if your computer is running BIOS. If you have UEFI, then you must first disable Secure Boot.

The procedure is as follows. Right-click on the Start menu and open Command Prompt with administrator rights.

In the command prompt that opens, type the following command and press Enter.

bcdedit.exe -set loadoptions DISABLE_INTEGRITY_CHECKS

Now enter the second command and also press Enter.
bcdedit.exe -set TESTSIGNING ON

After the commands work (as in the screenshot above), restart your computer. Checking driver signatures will be disabled, but a sign indicating the test mode of Windows 10 will always be displayed in the lower right corner of the screen.

To remove it, you will need to open a command prompt with administrator rights and enter the following line there:

bcdedit.exe -set TESTSIGNING OFF

Disable via Safe Mode and bcedit

This proven method is, in my opinion, the most convenient. Start your computer in Safe Mode.

Right-click on the Start menu and launch Command Prompt with administrator rights.

At the command prompt, enter the following line: bcdedit.exe /set nointegritychecks on and press Enter. Reboot your computer, after which signature verification will be disabled.

To enable the check again, perform the same operations, but enter the line bcdedit.exe /set nointegritychecks off.

Windows 8 has a special security module installed that is responsible for blocking the process of installing drivers on your computer without a digital signature. What's the point? In fact, such a firewall provides reliable protection for your PC from Trojans, spyware and other unwanted programs. It would seem that the advantages are obvious. However, such a precaution is unlikely to fit into the plans of users who need to update the software of outdated devices. In this case, the only thing left for them is to disable the verification of its signature in OS Windows 8 during driver installation.

You can perform a similar procedure in several ways. However, regardless of the method chosen, to disable driver digital signature detection, you must make sure that the software installed on your computer does not contain a virus or any other threat to the system, otherwise the consequences may be very unpredictable.

Method number 1: Disable via boot options

In order to disable digital signature verification for one specific driver in OS Windows 8 once, the easiest way is to reconfigure the system from the “Boot Options” menu. To do this, use the +I key combination to open the “Options” tab in the Charm Bar. After that, press Shift on the keyboard and, holding it down, click the “Shutdown” button and select “Restart” from the menu that appears:

Now open the “Diagnostics” section, find the “Advanced parameters” item in it and click on it with the mouse:

As a result, the “Download Options” window we need will appear. Now the only thing left is to press F7 or just the number 7 on the keyboard to disable checking the installed driver for a digital signature on our computer in Windows 8:

It is worth noting that disabling security mode is only valid for one PC session. This means that the next time the system is rebooted, the process of blocking unsigned drivers in Windows 8 while they are being updated will be automatically activated. In this case, all previously installed, working “firewood” that does not have a digital signature will not be affected.

Method number 2: Disable using the gpedit.msc command

In the event that you need to install several unsigned “firewood” in Windows 8 at different times, it is more logical to completely disable the digital signature detection function through the Local Group Policy Editor. In order to run it, press +R on the keyboard, set the command gpedit.msc for the “Run” utility that opens and click the OK button:

The next step is to open the “User Configuration” folder in the menu on the left in the system window that appears, select “Administrative Templates” in it and go to the “System” section. After that, go to the “Driver Installation” folder, find the “Digital signature...” parameter in it and double-click on it with the mouse:

Now in the window that appears, check the box next to the “Enabled” option, select “Skip” as an option for Windows 8 when updating the “firewood” and click OK to save the settings:

As a result of such simple manipulations, we will be able to completely disable the registration of “firewood” installed on the PC. As you can see, this process is not at all complicated. The only thing is that before you completely disable the blocking of detection of unlicensed software, do not forget to check the installed programs with an antivirus program so as not to accidentally introduce viruses into your operating system.

It cannot be said that the digital signature of the driver is akin to that widow of a retired lieutenant who flogged herself, but analogies simply suggest themselves. To the question: “What is a digital signature of drivers and why is it needed?” - the answer will be very simple. Firstly, this is a certain sequence of codes inserted into the code of the driver program by its developer himself, and which the operating system (in this case, Windows) knows about (or knows the algorithm for obtaining these codes).

Ways to disable digital signature verification of Windows drivers.

And secondly, it’s already quite simple and clear: when a driver is installed in the system, it checks its digital signature for authenticity. If everything matches, then the installation continues. If it doesn’t match, then, of course, it stops. The very idea of ​​a digital signature is not new at all; it has been used for a long time (and is still used today, although more advanced mechanisms for protecting against distortion have long been developed) in information transmission systems and was often called a “checksum”. In the simplest version, it was simply a byte-by-byte “modulo 2 addition” of the entire contents of the file.

Well, then politics comes into play - for starters, the business policy of equipment manufacturing companies and, accordingly, drivers. The device has been developed, its driver has been developed, now the developer just needs to convince Microsoft to insert information about this driver into Windows so that it recognizes the device and its driver from this particular manufacturer. After all, there are plenty of third-party competing developers who can develop their own driver for the same device - better or worse, it doesn’t matter, the main thing is that it’s illegal, and therefore unacceptable for use in the system.

Further. A driver is a program, and thus subject to viruses. Moreover, such a program is an unkillable card for viruses, because the driver will be launched in any case, and by the system itself. But the virus “does not know” the digital signature of the driver, and Windows will check the authenticity of the signature every time it is installed - this is a way to protect against drivers infected with viruses and another advantage of a digital signature.

But, on the other hand, there are, indeed, plenty of drivers from “third companies” that significantly exceed the official ones in their characteristics. But they do not have a digital signature, which means they cannot be installed unless you disable driver digital signature verification in Windows. And this possibility is provided by Microsoft itself; it did not “burn bridges behind itself” here. By default, Windows boot options provide for mandatory verification of the driver’s digital signature, but this can be canceled if, of course, you understand the danger to which the system is exposed - either from a crookedly written “non-native” driver or from viruses.

A small nuance - incidentally

Disabling driver signature verification in Windows 10 or any other version is so important that some developers include it as a prerequisite for the functioning of their program. This is usually how all sorts of gaming applications behave. Here is a good example – games from the 4Game service. At the dawn of the service, it was necessary to first download a special client for drivers, but over time they decided to simply build everything necessary into browsers. This change led to a radical change in the protection policy, which was called “Frost”.

The only problem is that the new policy does not work without first disabling mandatory driver signature verification. Here, however, you will have to “turn off” your questions about how an official service can offer to disable the official system protection against piracy and viruses. But, in the end, Microsoft itself provides this opportunity. Well, then the developer’s policy in this case is not included in the current subject of the proceedings, especially if Microsoft is “not against it.”

Ways to disable driver digital signature verification

There are several ways to solve the problem of how to disable digital signature of drivers in Windows 7, 8 and all subsequent versions. Many of them are very similar to each other. The first possibility is that you will need to work on a computer with system administrator rights. We start working with the command line - go to the Main menu of the system by clicking the “Start” button. Then select “My Programs” and “Standard”. In the list that opens - “Command Line”. In the “black window” that opens, in the prompt line, enter:

• bcdedit.exe /set nointegritychecks ON to disable mandatory driver signature checking.

To enable the check again, use a similar line, but with “OFF”:

• bcdedit.exe /set nointegritychecks OFF

Why disabling the check is ON, and enabling it is OFF can be understood from the name of the parameter used - “nointegritychecks”, which translates as “without carrying out internal checks”.

Another possibility is also to use the bcdedit.exe system utility on the command line. But here we act in two stages. First, type and run the utility with the value of the loadoptions parameter:

• bcdedit.exe -set loadoptions DDISABLE_INTEGRITY_CHECKS

Then with the value of the signature testing parameter testsigning:

• bcdedit.exe -set testsigning ON

It is imperative that you wait until the “Operation completed successfully” message appears in the command window; it may appear after a short delay. Driver digital signature verification is now disabled. In order for the signature verification to work again, enter the same commands, but in reverse order and with different parameter values:

• First bcdedit.exe -set testsigning OFF
• Then bcdedit.exe -set loadoptions ENABLE_INTEGRITY_CHECKS

The third option suggests disabling Windows 8 driver signature verification when the computer boots. This feature is very convenient if you just need to test the driver.

So, when loading, press the F8 key to enter the system boot menu, and there we select the boot with the cancellation of driver signature enforcement - Disable driver signature enforcement. When the system boots, you can install any drivers, with or without signatures, they will not be checked. Here, however, you need to understand that this feature only works until the system is rebooted.

The fourth option involves using the operating system's local group policy editor, although it does not work fully on all versions of Windows. We proceed as follows - in the Main menu of the system, select “Run” and in the line to execute type gpedit.msc. We launch the Group Policy program, which opens the window of the same name. In the window on the left, go sequentially along the folder path - “User Configuration” - “Administrative Templates” - “System”. Next, select “Driver Installation” and the “Digital Signature” parameter, which needs to be changed.

To change, either double-click on the parameter with the mouse or select the inscription on the left - “Change parameter”. To disable, select the “Disabled” switch and accept the changes (OK or “Apply” button). All Group Policy settings are enabled without rebooting the system, although if you have any doubts, you can reboot and at the same time check the status of the setting again.

We pay attention to one feature - the “Warn” switch. Selecting it when using an unsigned driver will nevertheless allow you to complete the driver installation, but it will not be accepted for work anyway.

Well, the last, already radical option is to forcefully sign the driver, which can also be done via the command line using the pnputil utility:

• pnputil –a<полное имя файла драйвера>. By “full name” we mean a string in the format:
• <диск>:<путь по папкам>/<имя файла>.<расширение файла>

Conclusion

When influencing the operating system's operating policy with digital driver signatures, you need to understand that you are interfering with the operation of the system itself, changing its environment, primarily security. And it’s not so much a matter of viruses, it’s a matter of the correct operation of the “left” driver that is supposed to be used. Errors in driver implementation can be worse than the most dangerous virus. The result is the same - complete inoperability of the system and the need to reinstall it. Nevertheless, manipulating this internal security tool is very useful for understanding the functioning of the operating system itself.

Good day, dear readers, Trishkin Denis is here!

Windows users who have worked on versions of XP and earlier are well aware that these operating systems often have problems installing new hardware. In new developments, there are also unpleasant moments, but the digital signature of the driver is most often to blame. The fact is that, starting with this version, Microsoft has tightened the requirements for software that allows you to connect new equipment. Before installation, the OS checks for the presence of the required label. If it is not detected, the device will not work. But there are ways to get around this.

The digital signature of the driver is a special security label that indicates the creator of the software and also notes its changes after the moment of certification. If the corresponding software has such a “stamp”, you can be sure that it is of high quality and nothing has happened to it since its release.

Is it possible to install a driver without a signature?( )

It is almost impossible to determine that, after publication, a file without the appropriate mark has not been modified. It is advisable not to allow such software to be opened on your computer unless you are 100% sure of the reliability of the source and its complete security. The problem is that such documents usually hide viruses.

What to do during installation?( )

During the installation of a new program, a window will appear indicating one of the warning messages:

The problem is that there are no reliable sources on the Internet that can confirm the reliability of the user who published the program. In fact, anyone can open the contents of a package and change it. The first version could indeed have come from the manufacturing company. But if there is no tag, someone most likely changed it.
I recommend installing such programs only if you received it from a licensed disk.

If you decide to use such software, most likely the operating system simply will not let it through automatically. Therefore, the installed hardware will have a special mark (exclamation mark in a yellow triangle) in the device manager.

Important! The Windows 7 e-label verification policy works in all versions: x86 and x64. The main reason for introducing this rule is to increase the security and stability of the system.

But for users this is not always convenient, since sometimes there are devices that simply need to be installed, but the operating system simply does not want to do this. There is no need to worry - there is a way out.

There are several ways to disable electronic tag verification:

This method allows you to temporarily disable the function we need. To do this, press the button during loading F8. A black screen will then appear with OS boot options. You need to select " disabling mandatory driver signature verification».

Then we launch Windows and install the necessary software. You can immediately test its operation.

If you boot the system in operating mode, the new device will not work.

Disable via Group Policy( )

To avoid checking electronic tags at all, you can disable it through Group Policy. To do this, you need to open the program “” and then type gpedit.msc.

In the window that appears you need to go:

Now you can install any drivers.

Disabling via bcdedit( )

To write the code, open the command line as administrator. In the window we type the following:

bcdedit.exe /set loadoptions DDISABLE_INTEGRITY_CHECKS

bcdedit.exe /set TESTSIGNING ON

Press Enter.

Successful completion will be confirmed by the appropriate command. Restart your computer and check.

To turn this feature back on, after the tag " TESTSIGNING"we write" OFF».

If we consider this issue as a whole, such additional protection allows the system to work longer without interruptions. On the other hand, some devices may simply not function on your computer because Windows considers them to be dangerous. In any case, the choice whether to install an unsigned product or not is up to you. After all, the issue of computer security lies entirely on the shoulders of its owner.

I hope you found something new in the article. Subscribe and tell your friends about us - let them also be computer literate.