Windows OS Hub
  • Windows
    • Windows 11
    • Windows Server 2022
    • Windows 10
    • Windows Server 2019
    • Windows Server 2016
  • Microsoft
    • Active Directory (AD DS)
    • Group Policies (GPOs)
    • Exchange Server
    • Azure and Microsoft 365
    • Microsoft Office
  • Virtualization
    • VMware
    • Hyper-V
  • PowerShell
  • Linux
  • Home
  • About

Windows OS Hub

  • Windows
    • Windows 11
    • Windows Server 2022
    • Windows 10
    • Windows Server 2019
    • Windows Server 2016
  • Microsoft
    • Active Directory (AD DS)
    • Group Policies (GPOs)
    • Exchange Server
    • Azure and Microsoft 365
    • Microsoft Office
  • Virtualization
    • VMware
    • Hyper-V
  • PowerShell
  • Linux

 Windows OS Hub / Windows 11 / Permanently Disable Driver Signature Enforcement on Windows 11

July 8, 2024

Permanently Disable Driver Signature Enforcement on Windows 11

By default, Windows requires all device drivers to be digitally signed. If a driver is not digitally signed or the signing certificate has been revoked, Windows will refuse to install such a driver. If you need to install some legacy driver without a digital signature on Windows 11, it is recommended to manually sign the driver using a self-signed certificate (quite a complex but safe way). This post covers how to permanently disable the driver signature verification and install an unsigned driver in Windows 11 or 10.

Contents:
  • Disable Driver Signature Enforcement in Advanced Boot Mode
  • How to Permanently Disable Driver Signature Checks via CMD
  • Ignore Code Signing for Device Drivers Using GPO

In my example, when I tried to install an old GPU driver without a digital signature using the pnputil.exe /add-driver c:\drivers\*.inf /subdirs /install command or from File Explorer, the following errors occurred:

Error 0xE000022F: The third-party INF does not contain digital signature information.
Error 0x800B010C: A certificate was explicitly revoked by its issuer.

Install INF driver without digital sign on Windows

pnputil.exe /add-driver /install - The third-party INF does not contain digital signature information

Disable Driver Signature Enforcement in Advanced Boot Mode

One of the startup modes in Windows allows you to choose to ignore driver signature verification at boot time. To reboot Windows in the advanced startup mode, hold down the Shift key and click Restart on the Start menu.

Press Shift + Restart in Windows

Windows will boot to the Windows RE recovery environment where you will need to select Troubleshoot -> Advanced Options -> Startup Settings -> Restart.

change windows startup mode

The computer will restart and a list of available advanced boot modes will appear. Press the F7 key (or Fn+F7 on laptops) to boot Windows with the Disable driver signature enforcement option enabled.

Disable driver signature enforcement boot mode (F7)

Windows doesn’t prevent you from installing unsigned drivers in this mode. If you try to install an unsigned driver, a security warning will appear:

Windows can't verify the publisher of this driver software.
The driver software you're attempting to install does not have a valid digital signature that verifies who published it, and could potentially be malicious software. You should only install driver software from publishers you trust. How can I decide which device software is safe to install?

Installing unsigned device drivers on Windows

To confirm driver installation, click Install this driver software anyway. The driver will be installed, but a device with an unsigned driver may show an exclamation mark and an error code 52 in Device Manager:

Windows cannot verify the digital signature for the drivers required for this device. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. (Code 52)

Code 52 - CM_PROB_UNSIGNED_DRIVER - a driver is not digitally signed

You can use the built-in sigverif.exe (File Signature Checker) tool to list unsigned drivers that are installed but don’t have a signature. Run the tool and click the Start button. The utility will scan the Windows Driver Store and list unsigned driver files.

sigverif.exe (File Signature Checker) - list unsigned drivers

Learn how to uninstall drivers in Windows.

To use a device with an unsigned driver, you have to boot Windows using the F7 key into the advanced startup mode every time, which is inconvenient.

Note that driver signature enforcement cannot be disabled on computers with UEFI and Secure Boot mode enabled. Only kernel drivers with a WHQL/WHCP signature can be used when Secure Boot is enabled. In this case, you can only boot Windows with self-signed drivers by enabling the TESTSIGNING boot loader option (described below).

How to Permanently Disable Driver Signature Checks via CMD

To avoid manually selecting a boot mode with driver signature verification disabled each time you start Windows, you can use the bcdedit.exe command line too to change the Boot Configuration Data (BCD) store settings.

Open an elevated command prompt and run the following commands in sequence:

bcdedit.exe -set loadoptions DISABLE_INTEGRITY_CHECKS
bcdedit.exe -set TESTSIGNING ON
bcdedit.exe -set NOINTEGRITYCHECKS ON

Restart Windows:

shutdown -f -r -t 0

bcdedit disable_integrity_checks

Windows will now always boot in test mode, skipping driver signature checks. In this case, a watermark appears in the lower-right corner of the desktop that says Test Mode and includes the version and build of Windows.

Boot Windows 11 into Test mode with driver signature checks disabled

To disable test mode, run:

bcdedit.exe -set loadoptions ENABLE_INTEGRITY_CHECKS
bcdedit.exe -set TESTSIGNING OFF
bcdedit.exe -set NOINTEGRITYCHECKS OFF

Ignore Code Signing for Device Drivers Using GPO

There is a separate option in the local Group Policy Editor (gpedit.msc) that allows you to ignore missing signatures during driver installation. This GPO option option only works on Windows 7 and 8, but not on Windows 10 or 11.

Open the local GPO editor and navigate to User Configuration ->Administrative Templates -> System ->Driver Installation.

Enable the Code Signing for Device Drivers policy and select the Ignore option in its settings.

Code Signing for Device Drivers - GPO

Reboot the device and try to install an unsigned driver.

2 comments
4
Facebook Twitter Google + Pinterest
Questions and AnswersWindows 10Windows 11
previous post
Testing Internet Speed from Windows Command Prompt (PowerShell)
next post
How to Set (Change) the Default Printer in Windows 10 and 11

Related Reading

Managing Windows Firewall Rules with PowerShell

March 11, 2024

How to Fix ‘An Operating System Wasn’t Found’...

August 24, 2023

Create a Custom Windows Image with Pre-installed Apps

February 28, 2024

Fixing ‘The Network Path Was Not Found’ 0x80070035...

August 31, 2023

Upgrading to Windows 11 on Unsupported Hardware

March 6, 2024

Installing Language Pack in Windows 10/11 with PowerShell

September 20, 2023

Configuring RemoteApps Hosted on Windows 10/11 (without Windows...

January 25, 2025

How to Assign (Passthrough) a Physical GPU to...

June 11, 2024

2 comments

Addy January 30, 2025 - 4:11 pm

Why not make this a complete tutorial and show how to modify the INF files?

Reply
admin February 2, 2025 - 5:33 pm

Check the post ‘How to manually sign a device driver in Windows‘

Reply

Leave a Comment Cancel Reply

join us telegram channel https://t.me/woshub
Join WindowsHub Telegram channel to get the latest updates!

Recent Posts

  • Map a Network Drive over SSH (SSHFS) in Windows

    May 13, 2025
  • Configure NTP Time Source for Active Directory Domain

    May 6, 2025
  • Cannot Install Network Adapter Drivers on Windows Server

    April 29, 2025
  • Change BIOS from Legacy to UEFI without Reinstalling Windows

    April 21, 2025
  • How to Prefer IPv4 over IPv6 in Windows Networks

    April 9, 2025
  • Load Drivers from WinPE or Recovery CMD

    March 26, 2025
  • How to Block Common (Weak) Passwords in Active Directory

    March 25, 2025
  • Fix: The referenced assembly could not be found error (0x80073701) on Windows

    March 17, 2025
  • Exclude a Specific User or Computer from Group Policy

    March 12, 2025
  • AD Domain Join: Computer Account Re-use Blocked

    March 11, 2025

Follow us

  • Facebook
  • Twitter
  • Telegram
Popular Posts
  • 0x80244010 Exceeded Max Server Round Trips: Windows Update Error
  • How to Force Remove a Printer That Won’t Uninstall on Windows
  • How to Completely Remove/Uninstall a Driver in Windows
  • Fix: Windows Update Tab (Button) is Missing from Settings
  • How to Disable or Uninstall Internet Explorer (IE) in Windows
  • Fix: Your IT Administrator Has Limited Access to Virus & Threat Protection
  • Fix: Windows Needs Your Current Credentials Pop-up Message
Footer Logo

@2014 - 2024 - Windows OS Hub. All about operating systems for sysadmins


Back To Top