Lesson 4:Configuring, Monitoring, and Troubleshooting Driver Signing

Windows XP Professional drivers and operating system files have been digitally signed by Microsoft to ensure their quality. In Device Manager, you can look in the Driver tab of a device Properties dialog box to verify that the digital signer of the installed driver is correct. Some applications overwrite existing operating files as part of their installation process, which might cause system errors that are difficult to troubleshoot. Microsoft has greatly simplified the tracking and troubleshooting of altered files by signing the original operating system files and allowing you to easily verify these signatures.

After this lesson, you will be able to

• Configure driver signing
• Describe the System File Checker (SFC) tool and how to use it to verify and troubleshoot driver signing
• Use the Windows Signature Verification tool to monitor and troubleshoot driver signing

Estimated lesson time: 20 minutes

Configuring Driver Signing

You can configure how the system responds to unsigned files by clicking System in the Performance And Maintenance window in Control Panel and clicking the Hardware tab. In the Hardware tab, in the Device Manager box, click Driver Signing (see Figure 11.10).

Figure 11.10 Configuring driver signing in the Driver Signing Options dialog box

The following three settings are available to configure driver signing:

• Ignore. This option allows any files to be installed regardless of their digital signature or the lack thereof.
• Warn. This option, the default, displays a warning message before allowing the installation of an unsigned file.
• Block. This option prevents the installation of unsigned files.

If you are logged on as Administrator or as a member of the Administrators group, you can select the Make This Action The System Default check box to apply the driver signing configuration you set up to all users who log on to the computer.

Monitoring and Troubleshooting Driver Signing

Windows XP Professional also provides System File Checker (SFC), a command-line tool that you can use to check the digital signature of files. The syntax of the SFC tool is as follows:

 Sfc [/scannow] [/scanonce] [/scanboot] [/revert] [/purgecache] [/cachesize=x] 

Table 11.5 explains the SFC optional parameters.

Table 11.5 System File Checker Optional Parameters

Using the Windows File Signature Verification Tool

There is also a Windows File Signature Verification tool. To use it, click Start, click Run, type sigverif, and then press Enter. Once the File Signature Verification tool begins, you can click Advanced to configure it (see Figure 11.11).

Figure 11.11 Configuring driver signing

The File Signature Verification tool allows you to view the file's name, location, modification date, file type, and version number.

Practice: Using the Windows File Signature Verification Tool

In this practice, you use File Signature Verification to monitor and troubleshoot driver signing on your system.

Run the SignatureVerification file in the Demos folder on the CD-ROM accompanying this book for a demonstration of using the File Signature Verification tool to monitor and troubleshoot driver signing on your system.

To use sigverif

1. Click Start, click Run, type sigverif, and then press Enter.

   The File Signature Verification dialog box appears.

2. Click Advanced.

   The Advanced File Signature Verification Settings dialog box appears with the Search tab active. By default you are notified if any system files are not signed. Notice that you can select the Look For Other Files That Are Not Digitally Signed option. This setting has the File Signature Verification tool verify nonsystem files to see if they are digitally signed. If you select this option, you can specify the search parameters for the files you want checked.

3. Leave the default setting of Notify Me If Any System Files Are Not Signed selected, and then click the Logging tab.

   By default the Signature Verification tool saves the file signature verification to a log file named SIGVERIF.TXT.

4. Leave the default settings and click OK to close the Advanced File Signature Verification Settings dialog box.
5. Click Start.

   The Signature Verification tool builds a list of files to check and then scans the files. When the Signature Verification tool completes its check, a Signature Verification Results window appears if there are files that are not signed. Otherwise you see a Sigverif message box telling you that your files have been scanned and verified as being digitally signed.

6. If you get a Signature Verification Results window, review the results and then click Close to close the Signature Verification Results window. Otherwise, click OK to close the Sigverif message box.
7. Click Close to exit the File Signature Verification tool.

Lesson Review

The following questions will help you determine whether you have learned enough to move on to the next lesson. If you have difficulty answering these questions, review the material in this lesson before beginning the next lesson. The answers are in Appendix A, "Questions and Answers."

1. Why does Microsoft digitally sign the files in Windows XP Professional?
2. Which of the following tools would you use to block the installation of unsigned files?
   1. File Signature Verification
   2. Driver Signing Options in the System Control Panel
   3. System File Checker
   4. Sigverif
3. How can you view the file signature verification log file?

Lesson Summary

• Windows XP Professional provides two tools to verify the digital signatures of system files: SFC and File Signature Verification.
• SFC is a command-line tool. It has a number of optional parameters that let you control how and when it will run.
• File Signature Verification is a Windows tool. By default it saves the File Signature Verification to a SIGVERIF.TXT log file.