Prevent unsigned drivers or services from being installed
If other users have administrative access to your computer they can install applications and device drivers. In most cases that isn’t bad per se, but someone installing a noncompatible or buggy driver could wreak havoc with your system.
Microsoft has implemented a new feature in Windows 2000 called driver signing that enables a driver developer to certify that its driver has been tested and certified by Microsoft. This helps protect against incompatible and buggy drivers and services by ensuring that the driver has been through a testing and certification process. When you install a driver, Windows 2000 checks the driver to determine if it has been signed. If not, Windows displays a warning message and gives you the option of installing the driver anyway. You can change this behavior to prevent unsigned drivers from being installed. You can also configure how Windows 2000 handles other non-driver installation (such as services).
Prevent unsigned driver and service installation
You can configure two policies to define how Windows 2000 handles installation of drivers and non-driver applications such as services. As with most policies, if a domain policy is configured, it takes precedence over the local security policy. You use the Local Security Policy console to change the settings:
Open the Local Security Policy console and open the Local Policies\Security Options branch.
Double-click “Unsigned driver installation behavior.” ...
Get Windows 2000 Quick Fixes now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
