Microsoft Windows XP Professional Resource Kit 2003
ISBN: N/A
EAN: N/A
EAN: N/A
Year: 2005
Pages: 338
Pages: 338
Windows XP Professional includes many features that help ensure that the device drivers installed on your computer are reliable and up to date. Drivers are signed by Microsoft after they pass a series of tests for reliability. Windows XP Professional checks for a digital signature whenever a driver is installed, and issues a message if the driver is not signed. In addition, drivers that are known cause problems in Windows are blocked from loading or installing, because Windows XP Professional checks a database of known problem drivers when the computer is started or when a device driver is loaded. If the driver is located in the database of known problem drivers, it cannot be installed or used on your computer. Another feature is Windows Update, a Web site where updated versions of signed drivers are available for download. These and other Windows XP Professional features for device drivers contribute to a stable computing environment and are discussed here in more detail.
Device Manager provides details about device drivers on the device s Properties page. Click the Driver tab, and select Driver Details to list all of the drivers the device is using. Driver details displayed include whether the driver is signed, its version, and whether it has been blocked from loading. For more information about Device Manager, see Device Manager earlier in this chapter.
Microsoft uses a multi-stage process to test device drivers. Drivers are subjected to compatibility tests administered by the Windows Hardware Quality Lab (WHQL), and drivers that successfully complete the process are digitally signed. Because of this testing, signed drivers are typically more robust and reliable. Once a driver is digitally signed, Windows XP Professional recognizes it when it is loaded. Windows XP Professional notifies the user if a driver is not signed or if a driver file has been changed since its inclusion on the Microsoft Hardware Compatibility List (HCL), which is an up-to-date list of hardware that is supported by Microsoft.
The digital signature is associated with individual driver versions, and certifies to users that the driver provided with the device is identical to the driver that was tested.
The following three driver-signing policy settings in the operating system enforce signature verification and determine what the operating system does with an unsigned driver:
Warn. Checks the signature on the driver before installation and displays a warning if the signature verification fails. The driver can still be installed, although installation is not recommended.
Block. Checks the signature on the driver before installation and blocks installation of the driver if the signature verification fails.
Ignore. Silently checks the signature on the driver, logs any unsigned driver files to a log file, and allows the installation of the driver.
| Note | The computer displays the Warn dialog box if you try to replace a signed driver with an unsigned driver, even if the policy is set to Ignore. |
Warn is the default setting. You can change the driver-signing policy for a user without administrator permissions, but must have administrator permissions to change the driver-signing policy setting for a computer. Group Policy settings can be used to change the driver-signing policy from the defaults. For more information about using Group Policy, see Managing Desktops in this book.
To set signature verification options
In Control Panel, open Performance and Maintenance, and then open System.
Click the Hardware tab, and then click Driver Signing.
Under What action do you want Windows to take?, click the option for the level of signature verification that you want to set.
For more information about file signature verification and signature checking, see Tools for Troubleshooting in this book.
| Note | If you are logged on as a member of the Administrators group, you can apply the selected driver-signing setting as the default for all users who log on to a computer by clicking Make this action the system default. |
Windows Update is an online extension of Windows XP Professional, and provides a central location for product enhancements, such as Service Packs, device drivers, and system security updates. Windows XP Professional users can install or update drivers from the Windows Update Web site. When a user accesses the Windows Update Web site, Windows Update compares the drivers installed on the user s system with the latest updates available. If newer drivers are found, Windows Update offers the list of applicable drivers to the user. The user can then choose whether to download and install the newer drivers.
Because installing drivers not included on the Windows XP Professional installation CD ROM requires administrative rights, you must be logged on as an administrator to update a driver from Windows Update. In addition, administrators can use Group Policy to restrict users access to Windows Update. For more information about restricting access to or configuring Windows Update, see Tools for Troubleshooting in this book.
Drivers are included on Windows Update only if they are digitally signed, have passed the testing requirements for the Windows Logo Program, and the vendor has given Microsoft redistribution rights for those drivers. This ensures that the drivers offered to users from Windows Update are of high quality and reliable.
Using a feature known as Automatic Updates, an administrator can configure a computer to notify a user about new updates, so the user can then download and install them, if desired, when they become available. This feature takes advantage of Windows Update to check the availability of critical updates that apply to your computer. Drivers are offered through Automatic Updates only if the driver is marked critical and no other driver is installed for a device.
You can access Windows Update by using any of the following methods:
Open Internet Explorer, and on the Tools menu, select Windows Update.
Open Help and Support Center and select Windows Update.
Open Programs and select Windows Update.
Use Update Driver in Device Manager.
Run the Add Printer wizard for printer drivers.
Devices have a hardware ID that uniquely identifies the device. The Plug and Play IDs of devices include hardware IDs and compatible IDs. The list of hardware IDs and compatible IDs supported by an individual driver is listed in its inf file. If the hardware ID of the device exactly matches one of the hardware IDs supported by the driver, there is a hardware match. If some other match occurs (for example, device hardware ID to driver compatible ID) there is a compatible match. Drivers that have a hardware or compatible match with the device are candidates for download and installation. If a hardware or compatible match exists, Windows Update determines whether the driver on Windows Update is newer than the installed one. If it is newer, the driver is presented to the user. Also, if the hardware ID for the driver on Windows Update is a better match than the installed one, Windows Update offers that driver to the user. If the user chooses to install the offered driver, the file is downloaded, and the Windows Update ActiveX control points the Device Manager to the .inf file for installation. For more information about hardware IDs and compatible IDs, see Driver Ranking later in this chapter.
For more information about Windows Update, see the Windows Update link on the Web Resources page at http://www.microsoft.com/windows/reskits/webresources
IT administrators can standardize the updates made to device drivers and other software by using the Microsoft Windows Update Catalog site, which is accessible from the main Windows Update site. This site provides a comprehensive catalog of updates that can be downloaded for distribution to other computers or over a corporate network. To ensure that updates are synchronized enterprise-wide, you can download updates, and then test and approve the new software before distributing it. After the updated drivers are downloaded, tested, and approved, they can be prepared for enterprise-wide installation using standard software deployment tools and techniques.
Place the drivers to be installed on the network at a server location specified for the updated drivers. Then, each local computer can be configured to get the updated driver for a particular device from the network location instead of from the user s hard drive. You can configure users computers in one of two ways:
Change the registry setting for the location of that particular device driver on each local computer by using Unattend.txt. For more information about customizing the Unattend.txt file, see Automating and Customizing Installations in this book.
Write a program that runs on the users computers, which points to the new location. For more information about writing software for customizing the location of a device driver, see the Software Development Kit (SDK) information in the MSDN Library link on the Web Resources page at http://www.microsoft.com/windows/reskits/webresources
Windows XP Professional uses driver-ranking schemes to determine which driver to load when multiple drivers are available for a device. Drivers are ranked by whether they are signed and how closely their Plug and Play ID matches the device s Plug and Play ID. The Plug and Play ID of a driver or device consists of hardware IDs and compatible IDs. If the hardware ID of the driver exactly matches one of the hardware IDs of the device, there is a hardware match. If some other match occurs (for example, device hardware ID to driver compatible ID) there is a compatible match. Driver rank also depends upon whether the device information file (.inf file) for the device includes information specifically for installations in a Microsoft Windows NT environment. If multiple drivers for a device exist, the lowest ranking driver is installed. The following list summarizes the driver-ranking scheme for Windows XP Professional from lowest (best match) to highest rank:
Signed driver with a hardware match to the device.
Signed driver with a compatible match to the device.
Unsigned driver with a hardware match to the device (with Windows NT targeted INF section).
Unsigned driver with a compatible match to the device (with Windows NT targeted INF section).
Unsigned driver with a hardware match to the device (without Windows NT targeted INF section).
Unsigned driver with a compatible match to the device (without Windows NT targeted INF section).
Windows Driver Protection features in Windows XP Professional prevent users from installing, loading, or running drivers on their system that are known to cause problems in Windows.
Microsoft maintains a database of known problem drivers that is used to determine which drivers Windows Driver Protection prevents from being installed or loaded. A driver is included in the database if there is a high probability that it will cause the system to hang or crash. The driver is identified in the database by file name, driver version, and link date. Updates to the database are downloaded to your computer from Windows Update.
If you try to install a driver that is listed in the known problem driver database, you will get a message notifying you that this is a driver that will cause system problems and the driver is not installed. The message also contains a link to a Web page that gives you more information and might offer updates to the drivers.
| Note | If you install drivers by using a custom executable, the problem driver database might not be checked during installation and notices about problem drivers might not be displayed. However, drivers that are missed by installation detection will be detected at load time and blocked successfully regardless of installation method. |
The known problem driver database is also checked each time the computer is started and each time a driver is loaded to catch any problem drivers that might be loaded at startup. If a problem driver is installed after the computer is started, the next time you start the computer the loading process prevents the problem driver from being loaded.
When you log on to a computer where a driver has been blocked, an icon and a Help balloon display in the notification area. Clicking the icon accesses the My Computer Information Health page in the Tools Center of Windows XP Professional Help and Support Center, where details are provided for the list of drivers blocked since the last time the computer was started. For each driver in the list, a link is provided that opens an appropriate help file that describes in more detail the problem with the driver and contact information for the device manufacturer.
Each time a known problem driver is blocked, an entry is made in the computer s event log.
When a new device is installed, Windows XP Professional searches four different locations for device drivers in this order: the hard drive, the floppy drive, the CD-ROM drive, and Windows Update. The default is to search all four locations in order for a device driver until the correct one is found, but you can configure the driver search locations to remove any or all of these locations. For example, you might want to prevent users from going to Windows Update to search for an updated driver.
To change driver search locations
In the Group Policy snap-in, select Local Computer Policy.
Select User Configuration, select Administrative Templates, and then expand the System item.
In the list of configuration options, double-click Configure driver search locations.
On the Setting tab, make sure that Enabled is selected.
Select the check boxes for the options you want to disable. Click Apply, and then click OK.
For information about installing the Local Computer Policy snap-in, see Windows XP Professional Help and Support Center.
The Windows XP Professional device drivers included on the Setup CD are stored in a single cabinet file named Driver.cab. This file is used by Setup and other system components as a driver file source. You can view the contents of the Driver.cab file by double-clicking it in Windows Explorer.
Information files (.inf files) are searched when Windows XP Professional starts or new hardware is detected. These text files provide the names and locations (typically Driver.cab) of driver related files and the initial settings required for new devices to work. During setup, Driver.cab is copied from the installation CD to the local hard disk in the %windir%\Driver Cache\platform directory. (The variable platform describes the architecture of the system, for example, x86.) The folder where the file can be found is specified in the registry entry DriverCachePath in the subkey HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup.
| Caution | Do not edit the registry unless you have no alternative. The registry editor bypasses standard safeguards, allowing settings that can damage your system, or even require you to reinstall Windows. If you must edit the registry, back it up first and see the Registry Reference in the Microsoft Windows 2000 Server Resource Kit at http://www.microsoft.com/reskit |
Copying a large Driver.cab file to the local hard disk instead of leaving it on the CD or network has the following advantages:
With the driver set on the local hard disk, users do not need the Setup CD to install new devices, which especially benefits mobile users. Exceptions are products with Windows drivers that are not included on the Setup CD.
Users do not need local administrator rights to install new hardware because all device drivers stored in Driver.cab are on the hard disk and are digitally signed.
For network-based setups, copying the Driver.cab file to the local hard disk reduces bandwidth requirements in these ways:
During setup, less system and network overhead is required to copy the single large Driver.cab file than many small files.
During subsequent hardware installations, driver files already reside on the local hard disk, and do not need to be copied over the network.
A new device requires corresponding driver files in order to work. Setup reads the Drvindex.inf file to find entries for the device. If an entry exists, Setup searches the following paths:
systemroot\Driver Cache\Platform\Driver.cab
systemroot\Driver Cache\Platform
The original Windows XP Professional installation source, such as a network share or a local CD ROM drive. The Windows XP Professional source location is stored in the registry entry SourcePath in the subkey HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Setup.
If the required files do not exist in any of the preceding locations, or if references are not located in the Drvindex.inf file, Setup prompts the user to supply the required files.