Before you start
Objectives: learn what are drivers and which tools can we use for their management.
Prerequisites: no prerequisites
Key terms: driver, management, device manager, signed driver, installation, update
The driver is a software package which enables interaction between the operating system and a specific piece of hardware. Without drivers Windows doesn’t know how to work with specific hardware device. Drivers are specifically designed for different types of hardware and different operating systems. As we know, Windows is available in both 32-bit and 64-bit versions. 32-bit drivers do not work with 64-bit Windows and vice versa. We should make sure that we have the appropriate device drivers before you install Windows. When talking about Windows drivers, as computer administrators we have to be aware of driver signing and what does it mean.
There is a lot of concern about the quality of the drivers, because they can cause system instability or they can contain viruses. Because of that Microsoft came up with a way to help us to ensure the quality and compatibility of the device drivers. This feature is known as Driver Signing. Driver signing is intended to ensure that the device software is compatible with Windows and to ensure that nobody has tampered with the drivers (that nobody inserted malicious code). If driver manufacturers send their drivers to Microsoft, they will be tested in Windows Hardware Quality Labs. Microsoft will make sure that the driver won’t cause blue screens of death which means that drivers signed by Microsoft are more reliable then unsigned drivers. If a device driver is approved by Microsoft, it qualifies for the Windows logo on the box. The signature also verifies that the publisher of the driver is a legitimate source. We also have a self-signed driver which is one that includes a digital signature, but the identity of the entity that signed the driver cannot be verified. For example, an administrator can generate a self-signed certificate that is valid within the organization, and use it to sign the driver. Self-signing is recommended for testing purposes only. In order for our driver certificate to be trusted by other organizations, we must obtain a certificate from a shared or public trusted certificate authority.
Unsigned and self-signed drivers may be installed but we lose the assurance of the driver source and its validity. In some situations we can only install signed drivers. For example, all kernel mode drivers in 64-bit Vista editions must be digitally signed. Starting with Windows Vista, Microsoft decided to add an extra protection to x64 systems: Device Driver Signature Enforcement. This means that we can install and use only Microsoft certified drivers in our system. If we want to install an unsigned or improperly signed driver in that situation, then Windows will let us know that the driver is not signed and won’t let us to install it.
There are some tools which we can use to work with signed and unsigned drivers. We can obtain a basic list of signed and unsigned drivers using thedriverquery command with the /SI parameter. We can also use sigverif tool to scan our computer and identify any unsigned drivers. Additionally, theDxDiag tool identifies problems with DirectX and graphic enabled devices.
Starting with Windows Vista, Windows has the driver store as a repository for all drivers on the system. The driver store is a protected collection of driver packages that have been approved for installation on the computer. The operating system maintains this collection in a secure location on the local hard disk. When we put some driver in the driver store, a non-administrative user can install the device without additional permissions. We can preload the driver store with drivers for commonly used devices. In Windows Vista and Windows 7, the driver store is located inWindowsSystem32DriverStore folder. Windows Update updates the driver store automatically.
Drivers can come with Windows or with the device itself on a CD. Sometimes we can get drivers through Windows Update, but the most reliable way is going to the manufacturers website and downloading the most recent drivers. Normally, we attach the hardware device to our computer, and then the Windows either automatically installs appropriate drivers or it prompts us for drivers with Found New Hardware wizard. Windows supports plug-and-play devices, so If we install a device and Windows already has a driver for it, it will automatically use it and enable the device. If we don’t have plug-and-play hardware, we may have to use Add Hardware wizard, which is located in the Control Panel, to manually install device driver. Sometimes, we are asked to first install the driver and then attach the device, which is typical for printers. Notice that plug-and-play does not replace the need for a driver. The operating system still requires a driver to be able to configure and use the device.
Another method for installing device drivers is called staging. Driver staging is the process of preloading drivers into the driver store or other authorized locations. Administrators can stage drivers in the driver store. Once the driver is in the driver store, any user can install the driver without providing administrative credentials. To stage drivers to the driver store we can use the PnPUtil (PnPUtil.exe) command line tool (supported on Windows Vista and later versions of Windows). If the driver being staged is not signed, Windows will prompt the user for confirmation, so that the staged driver can be considered trusted.
We should make sure that we always have the latest drivers installed. There are three ways of updating drivers. When we buy some device we also get a CD with the drivers for that device, but the manufacturer may later update the drivers and correct the bugs or add new features. The first way of getting latest updates is using the Windows Update feature which will go online and check if there is any new drivers for our devices that Microsoft is aware of. If there are updates for our drivers, Windows will download and update our driver repository automatically. By default, Windows will always try and find updates for our drivers, but we can change this behaviour if we want. The second way of getting updates is going to the manufacturer’s website, downloading new drivers and installing them. These drivers usually come as an executable files, so the only thing we need to do is run the executable which then makes all the necessary changes to the system. The third way is to go to the manufacturer’s website, or to a third party web site that handles drivers, and download the specific driver. If a driver is not in a form of executable file, we can go to the Device Manager, open the properties of the desired device, go to the Driver tab, click the Update Driver option, browse for the appropriate driver and install it.
If we have problems with our drivers, there are three ways to possibly fix the problem. If we have a problem with our device, we will see an exclamation mark on an icon of our device in Device Manager. That means that something is wrong with the device. Sometimes problems can be caused by a bad or corrupt device driver. In many cases the problem can be solved by reinstalling the existing driver. In this case, we would first uninstall the device, and then install the device drivers again.
If reinstalling the driver does not work, we might need to obtain a new driver for the hardware. To do that, first we have to download the new driver for our device. We would uninstall old driver, and then run the executable of our newly downloaded driver. Our new driver should get installed. If our driver is not in an executable form, we can use the Device Manager to update drivers. To do that, open Device Manager, go to the devices properties, and then go to the Driver tab. Here we have to choose ‘Update Driver…’ option to update drivers for our device.
Sometimes problems are caused by a new driver which is, for some reason, incompatible with our device. We can easily fix this problem by reverting to the previous driver. To do that, in Device Manager we have to open the devices properties, go to the Driver tab, and select the ‘Roll Back Driver…’ option. This takes us to the previous, working driver.
Sometimes we can have a driver conflict as well. Driver conflicts typically happen when two devices require the same hardware resources. We can view the resources that are being used by each device by going to the Resources tab of the properties of the device. To resolve this problem we cam disable the device that caused the conflict, or we can update the device drivers. The System Information Tool or MSinfo32.exe command can be used to identify device conflicts as well. MSinfo32 displays the resource information for all devices in a single screen. This is great because we don’t have to view the properties of each device separately in Device Manager. With MSinfo we can check the memory, I/O addresses and IRQ resources used by every device. MSinfo also has a feature called Conflict Sharing which is great for resolving conflicts. Another way to diagnose driver problems is to use the Problem Devices node in MSinfo. This node will list devices that have some type of issues.
To manage all devices and their drivers we can use Device Manager which can be found in Control Panel. Device Manager will list all devices attached to our computer. For that devices we can update drivers or roll back drivers to the most recent version of the previous driver. This is used in scenarios where the new driver caused problems with the device or caused our system to crash. The driver rollback can only be performed once as Windows only stores a copy of the previous version of the driver. Also, we can add new drivers, we can uninstall devices or disable them. If we uninstall piece of hardware in Device Manager and then we reboot, that hardware is likely to show up again because of the plug-and-play characteristics. If we don’t want to remove the device from the computer, but we don’t want to use it, we should disable it rather then uninstall it. In Windows, disabled device shows a down arrow in Device Manager. Device Manager can also display an unknown device. Unknown device is device without drivers installed, but Windows knows the hardware is there. If that is the case we will see a yellow question mark next to our device. In Device Manager we can view the driver settings and detail information about the file location of the driver as well. We can find that information on the Driver tab of the properties of any of the devices in Device Manager.
In Device Manager we can not manage printer drivers. Printers can be managed in Printers section in Control Panel. When it comes to Windows Vista and Windows 7, this is called Devices and Printers. Devices that we see in this category are usually external devices that are connected to our computer trough some port or trough network connection. Those devices are printers, web cameras, network devices, scanners, etc.
When drivers don’t work properly, we can use the Reliability Monitor to determine when the driver was installed and if the reliability of our Windows installation was affected. Windows provides the Driver Verifier Monitor or verifier command line tool. Those tools can be used to monitor device drivers to detect issues and actions that might corrupt the system. The verifier command line tool is mainly a stress tester tool. For example, this tool will test if a device driver will fail if memory usage, or CPU usage is above or below certain limit.
Group Policy Settings
Group Policy can be used to configure how devices are managed and configured. We can use those settings to allow or prevent installation or update of drivers based on a device GUID. We can also prevent Windows to install removable devices, and show custom messages when certain installation is blocked.
To maintain the integrity of drivers installed the Windows installations, The device drivers that come with Windows have Microsoft digital signature.
To see how to work with drivers on particular Windows installation, check out these articles:
The driver is a software which enables interaction between the operating system and a specific piece of hardware. Drivers are specifically designed for different types of hardware and operating systems. Drivers can be signed. To manage all devices and their drivers we can use Device Manager which can be found in Control Panel. New feature in Windows is Reliability Monitor which allows us to take a look at failed drivers and failed hardware devices.