How to Enable and Disable Driver Signature Enforcement?

Driver Signature Enforcement

Driver signature enforcement helps protect a system from cybercriminals and malicious activities. How?

Microsoft, the tech giant, introduced driver signature enforcement in Windows OS, including Windows Vista/XP/7/8/8.1/10, to check code integrity before proceeding with the installation.

Generally, it’s good to check the driver’s integrity to ensure it’s coming from a trusted manufacturer and is certified by Microsoft.

Despite all the advantages of driver signature enforcement, there are some specific scenarios where it needs to be disabled.

For instance, some programs’ driver files don’t have digital signature authentication because they don’t pay Microsoft to get a verified certificate.

If you trust one of those unsupported drivers, here are two ways to disable driver signature enforcement. But always remember, the trust factor is crucial!

How to Disable Driver Signature Enforcement?

Method 1. Disable Driver Signature Enforcement in Startup Settings

Before we explain the detailed procedure, here are some important points to remember.

  • This method will only temporarily disable driver signature enforcement. 
  • As soon as you restart the computer, driver signature enforcement will automatically be enabled, and unsigned installed drivers will stop working.

Step 1: On the system’s start menu, click on the “Restart” button.

Step 2: Once the system reboots, click on the “Troubleshoot” option.

Choose Troubleshoot Option

Step 3: Choose “Advanced options” in “Troubleshoot”.

Advanced Settings

Step 4: In  “Advanced options,” click on “Startup Settings”.

Startup Settings Windows

Step 5: In “Startup Settings,” click on the Restart button.

Restart

Step 6: You’ll see a list of options, and to choose “Disable Driver Signature Enforcement,” press “7” or “F7”.

Disable Driver Signature Enforcement

Finally, the system will automatically restart with driver signature enforcement until you restart it.

Method 2. Disable Driver Signature Enforcement using CMD Prompt

This is the quickest and easiest way to disable driver signature enforcement. Here’s how it works!

Step 1: Click on the system’s Start button and type “Command Prompt”. Further, press “Run as administrator”.

Run as Administrator

Step 2: Execute the following command in the Command Prompt.

bcdedit /set nointegritychecks on
Bcdedit Command

The driver signature enforcement will be turned off! To confirm this, run the “bcdedit” command in the same command prompt window, and if “nointegritychecks” shows “Yes,” then you can install unsigned drivers.

Confirm Command

Method 3. Disable Driver Signature Enforcement with Local Group Policy Editor

Step 1. Open the “Run” dialog box in the PC, type “gpedit. msc,” and press Enter to open Local Group Policy Editor (LGPE).

Step 2. In the Local Group Policy Editor (LGPE) window, from the left panel, head to User Configuration > Administrative Templates > System > Driver Installation.

Step 3. Right-click on the code signing for driver packages button and select Edit.

Code Signing for Driver Package

Step 4.  Check the Enabled radio button, and in the options menu, click on the dropdown and select Ignore. Finally, click OK to apply the changes accordingly.

Enabled Driver Signature Enforcement

If you wish to re-enable driver signature enforcement, head back to step 4 and set the radio button to “Not configured.”

How to Enable Driver Signature Enforcement?

Enable Windows 10 Test Signing Mode

This method is for those who don’t want to permanently disable driver signing. You can put Windows 10 in test mode and install unsigned drivers. Here’s how to do it!

Step 1. In the Search bar, write cmd and right-click Command Prompt to choose Run as administrator.

Step 2. Execute the below command and press Enter.

bcdedit /set testsigning on

Step 3. Close or shut the Command Prompt window and restart the system.

Enable Driver Signature Enforcement

Step 1. Open the Command Prompt according to the steps mentioned above.

Step 2. Execute the following command and press Enter.

cdedit.exe /set nointegritychecks off

Step 3. Restart the system to re-enable driver signature enforcement.

The Bottom Line

Installing unsigned drivers is not recommended because it’s unsuitable for security purposes. Still, if you trust the driver, you can install it using the methods mentioned above. 

Windows Security

Microsoft Authenticode Signing

Verify the Integrity of your Software by Adding Authenticode Signature on 32/64 bit Software Binaries using Code Signing Certificate.

Buy Authenticode Code Signing Certificates
Janki Mehta

Janki Mehta

Janki Mehta is a Cyber-Security Enthusiast who constantly updates herself with new advancements in the Web/Cyber Security niche. Along with theoretical knowledge, she also implements her practical expertise in day-to-day tasks and helps others to protect themselves from threats.