Hello ,

Can we package unsigned drivers ?

I am using Adminstudio 5.5 for my packaging project . Kindly suggest pointers to start with the basics of packaging unsigned drivers .

Cheers ,
V
0 Comments   [ + ] Show Comments

Comments

Please log in to comment

Rating comments in this legacy AppDeploy message board thread won't reorder them,
so that the conversation will remain readable.

Answers

0
Hi there


Unsigned printers can be packed acording to MSIMaker look at his PnPDriver templater it can do it. you find it at this forum in the top

You can allso sign driver the driver.

Se Microsoft "Using Authenticode to Digitally Sign Driver Packages"

you will need MakeCat.exe and signtool.exe


Sweede ;-)
Answered 04/21/2005 by: Sweede
Second Degree Green Belt

Please log in to comment
0
Thanks for reply .

One quick question . I am currently trying to test the freely available unsigned driver
V1.32 BETA USB-Ir Adapter Driver Installation Program for STIR4200 , available at http://www.sigmatel.com/products/tech-support.htm .

The set up for this database is in setup.exe format . DO Ihave to first repackage this set up into an MSI and then apply the template process mentioned in your reply .

Also signing a driver using Authenticode requires a digital certificate to be obtained from certifying authorities . In which case we have to pay for the digital certificate i guess . Please correct me if I am wrong .

Cheers ,
V
Answered 04/22/2005 by: viv_bhatt1
Senior Purple Belt

Please log in to comment
0
Hi Sweede ,

I read on of your posts on packaging unsigned drivers where you mentioned of creating cat file and signing the driver .

Could you please elaborate or provide some pointers on creating the CAT file .

Any suggestions will be really appreciated .

Cheers ,
V
Answered 04/25/2005 by: viv_bhatt1
Senior Purple Belt

Please log in to comment
0
http://itninja.com/question/device-drivers---found-solution!

May be of assistance

nmi
Answered 04/28/2005 by: nmi
Orange Belt

Please log in to comment
0
Thanks ,

I tried packaging an unsigned driver usinbg admin studio but it did not allow me to do so .

Are there any other means you are aware of ehich might be helpful while packaging unsigned drivers .

I do not want to use authenticode as this process requires a digital certificate and i assume it requires money .


Cheers ,
Answered 04/28/2005 by: viv_bhatt1
Senior Purple Belt

Please log in to comment
0
Viv

This depends on who you are deploying to. If you are depolying to your internal organisation ONLY and your orgainsation has a solid PKI strategy, then you should have a CA somewhere (Certificate Authority). You should be able to create a certificate, have your organisation trust the certificate and sign the drivers using that.

I think :)

Rgds

Paul
Answered 04/28/2005 by: plangton
Second Degree Blue Belt

Please log in to comment
0
Sorry , We do not have any CA in our organization . We have to rely on external vendors . Which has become a bottleneck cause this will come with some price .

Hence we want to make sure that there is no other way except purchasing Certs. before taking this step . I have seen quite a few posts about packaging unsigned drivers but they are not comprehensive enough to make a decission .


Cheers ,
V
Answered 04/29/2005 by: viv_bhatt1
Senior Purple Belt

Please log in to comment
0
If you have Windows Server in your organisation (which I'm sure you do) CA is part of it. You can create your own certificates for use with this, can't you?
Answered 05/03/2005 by: brenthunter2005
Fifth Degree Brown Belt

Please log in to comment
0
Apologies , I had no clue that CA is part of Windows server as I am purely from dev background .

I will now investigate into this further.

Thanks for the clarification .

Cheers ,
V
Answered 05/03/2005 by: viv_bhatt1
Senior Purple Belt

Please log in to comment
0
I will caution you that its a Good Idea (tm) to have a solid PKI strategy in place, which obviously your organisation doesn't. Mainly becuase, fair enough, you go to a windows server, issue certs, choose to trust them. Then another project issues ANOTHER certificate, perhaps from a Novell server, trusts it, another department does something else, and before you know it you have a certificate nightmare on your hands where your organisation has to keep track of multiple certs doing the same thing from different sources. What happens if that server gets decommissioned or assimilated into another server, will the certs migrate across? Definately think about the end to end process before just creating a cert and trusting it.

In my opinion :)
Answered 05/03/2005 by: plangton
Second Degree Blue Belt

Please log in to comment
0
I had a discussion with the Server team in my Org. We do not have any PKI strategy or CA at the moment .

It seems it will take a while before they implement this .Seems its another showstopper :(

I guess I have to find an alternate way to resolve this issue .

Cheers ,
V
Answered 05/04/2005 by: viv_bhatt1
Senior Purple Belt

Please log in to comment
0
I have downloaded the driver you posted and I'm going to attempt it tomorrow. I don't have the Sigma device tho so I'll just take an infra red device with me and see how it goes. No promises but I like the challenge.
Answered 05/05/2005 by: MSIMaker
Second Degree Black Belt

Please log in to comment
0
Really appreciate your help .

Also I am trying to package the same driver now using DIFXAPP 2.0

I am getting following error in my installation log files : DIFXAPP: ERROR more than one driver package found in C:\WINDOWS\inf\

Has anyone experienced this error before .

I followed following steps :

1) Created the driver Installer database (Installshield Repackager as the original driver set up is not MSI)
2) Applied DiFxApp.msm to the Installer Database
3) Added the Component (which contains the INF file ) to the component table
4) Added Flag value in the component table to 8 for Legacy install (unsigned driver)
5) Saved the new merged MSI
6) Installed the driver Package with msiexec options for verbose logging

As I am trying this for the first time , I might be having a completely wrong understanding .

Cheers,
V
Answered 05/05/2005 by: viv_bhatt1
Senior Purple Belt

Please log in to comment
0
Hi All ,

I am starting this thread again .

I am packaging Axicon 600 Barcode viewer , which has an unsigned driver .

I used DIFXAPP 2.0 to package the driver , fine . But when i tried installing the driver I got the OS level security prompt to Continue / Stop installation .

I had an impression that if I install the unsigned in legacy mode (DIFXAPP 2.0) then I will not get this message .

Am I missing something here ? Any pointers will be of great help .

Cheers,
V
Answered 05/25/2005 by: viv_bhatt1
Senior Purple Belt

Please log in to comment
0
hi viv,
The security prompt that you receive may be coz of the security policy that has been set up on your computer or any GP's that are implemented by your organization. You may need to work with the security group at your company to confirm this. Hope this was helpful.

cheers,
srid.
Answered 08/01/2005 by: sridtech
Senior Yellow Belt

Please log in to comment
0
Yes you are right , but the GPO team does not want to change the Group policy setting for a few number of drivers .

We get around this issue by a not so good way of using Auto IT scripts to click the security prompt during installation to continue .

Till now I haven't come across any other nice option to overcome this issue .

Cheers ,
V
Answered 08/02/2005 by: viv_bhatt1
Senior Purple Belt

Please log in to comment
0
Hi
I am in unsigned driver hell at the moment.
I would like to certify my own cat files and I tried for ages to get that to work without success so far.
Any tips/how to would be useful.
Also what GP settings do I need to change to allow unsigned drivers to be deployed. I have tried changing a few things without success so far.
It only seems to work if I login in as admin and change it manually.

Cheers
Answered 10/18/2005 by: ZeroHour
Senior Yellow Belt

Please log in to comment
0
ORIGINAL: ZeroHour

Hi
I am in unsigned driver hell at the moment.
I would like to certify my own cat files and I tried for ages to get that to work without success so far.



I know you can sign your own files, but the system isn't setup to accept these. Only Microsoft can officially "sign" the drivers (or a 3rd party sanctioned by MS). Otherwise everyone would do it. The reasoning for this is so that only fully tested drivers are allowed onto the system (to prevent the problems well documented in the past).
Answered 10/18/2005 by: nmi
Orange Belt

Please log in to comment
0
Yeh thats what I was thinking as I seemed to do it all right.
Its just making life on a enterprise diffecult because you cant just roll a drivers msi out which would do the job.
Its something they are solving in longhorn though.

Any more thoughts/ideas?
Answered 10/18/2005 by: ZeroHour
Senior Yellow Belt

Please log in to comment
0
Hi ,

I had to write an AUTO IT script along with using DIFxApp 2.0 to to send {Enter} key when security prompt for unsigned driver pops up . This will "select continue Installation" option and will go ahead with the drivers installation .

The only down side of this script is that it does not run if the user if logged off / has locked the machine during installation .

Cheers ,
V
Answered 10/19/2005 by: viv_bhatt1
Senior Purple Belt

Please log in to comment
0
So I take it that it wont work if deployed with AD?

Cheers
Answered 10/19/2005 by: ZeroHour
Senior Yellow Belt

Please log in to comment
0
ORIGINAL: ZeroHour

So I take it that it wont work if deployed with AD?

Cheers


I suspect you'd have to run the Autoit script as part of a logon sequence and then deploy the msi via GPO's to get it to work.

When Autoit runs it just leaves a small icon in the task bar so its pretty innocuous.

nmi
Answered 10/19/2005 by: nmi
Orange Belt

Please log in to comment
0
I haven't come across any other solution except AutoIT .

Alternativley GPO settings for unsigned driver can be relaxed to ignore unsigned drivers for which I think your GP team will discourage you for obvious reasons .

Cheers ,
V
Answered 10/19/2005 by: viv_bhatt1
Senior Purple Belt

Please log in to comment
0
this is on the right track,

You can relax the permissions, install the drivers, the reinstate the permissions.
Answered 02/02/2006 by: jendres
Senior Yellow Belt

Please log in to comment
Answer this question or Comment on this question for clarity