Disable driver signature enforcement permanently at boot-up, how?
Hi all. I have several device drivers that are not digitally signed but otherwise work happily under Windows Server 2008. At present, during booting up, I need to go through the loop F8 to manually disable "digital driver enforcement", but this is good for the current session only. Is there a clever way to permanently disable digital driver enforcement, so that I do not have to use the F8 option manually every time? Thanks. Regards, Cukkas
October 14th, 2007 1:18am

Hello Cukkas,
There are 2 ways to disable digital driver signature enforcement. The 1st way is using the command-line tool cmd.exe to execute this command line:
bcdedit.exe /set nointegritychecks ON
The 2nd method, which is recommended, is to disable it through Group Policy Object (GPO):
1. Start --->> Run ---> GPEdit.msc
2. Enable and Ignore Code signing for drivers policy under User Configuration --->> Administrative Templates --->> System --->> Driver Installation --->> Code signing for drivers
Check this figure
October 14th, 2007 12:31pm

Hi Sherif,
Thank you for your suggestions. I tried both methods that you mentioned.
1) Command line: bcdedit.exe /set nointegritychecks ON
The operation is completed successfully, but it makes no difference when it reboots. On re-boot, the boot manager will stop, saying " ...\windows\system32\drivers\fastx2k.sys" is not digitally signed, then I need to proceed to use the F8 option to manually "disable digital signature enforcement" to continue booting up the OS.
I also used this command line (which apparently works in Vista, from whose forum I obtained the command line): bcdedit /set loadoptions DISABLE_INTEGRITY_CHECKS
The operation is completed successfully, but again it makes no difference when it reboots.
2) Your second method does not solve my need - I need to disable digital driver enforcement during boot-up.
Any other ideas I can try? Thank you again.
Regards, Cukkas
October 14th, 2007 7:18pm

http://www.vistabootpro.org/
October 16th, 2007 1:39pm

Hi Kane3162,
Thank you for the suggestion. I had used an earlier version of VistaBootPro before, but it didn't work. Today, I downloaded the latest version 3.3, which warned during installation of a potential slight problem using it on Windows Server 2008. Big mistake - the OS wouldn't boot up at all after using the programme to set disable digital driver enforcement. I had to use a backup BCD file to restore and recover.
Anybody who has a working solution to this problem? Much appreciated if you could post it here. Thank you.
Regards, Cukkas
October 17th, 2007 7:31pm

Hi Cukkas,
I'm having the same dilemma over here but on Vista x64; there seems to be no solution. I'm glad I found this post though, hopefully we can find a solution.
Regards, xslikx
October 19th, 2007 12:39am

That is HIGHLY unusual..... I have used it since Beta 2 and not had the no-boot problem you describe.... What settings are you using by chance when you make the change? Do you just change the boot options?
October 22nd, 2007 4:19am

Hi Kane3162,
My situation on Vista is more or less the same as what Cukkas is experiencing.
It's happening for me because Promise (http://www.promise.com/) makes no compatible 378 IDE driver for x64 OSs and Vista x86/x64, so I'm left with no choice but to use a driver which originated from a laptop called D900T (http://www.sagernotebook.com) that happens to work on x64 OSs and on Vista x64 when digital signature enforcement is disabled.
It was originally hosted at http://www.sagernotebook.com/ftp/win64b/Win64B_ATA.exe but that URL no longer exists because they removed the file.
I'm not sure if the laptop company made the driver or if Promise did, but everything about them surfaced here: http://www.planetamd64.com/index.php?showtopic=7928
Currently there is also a Vista version of this driver which apparently originated from Vista 5744 and bypasses digital signature enforcement. The problem with this driver is that the transfer rate is limited to 150 Kb/s, so I'm left with the previous drivers mentioned, which were designed for XP x64 but work on Vista when digital signature enforcement is disabled.
The driver works great otherwise, but every time I reboot I'm required to press F8 and choose to disable digital signature enforcement or I receive an error: "0x0000428 \Windows\system32\drivers\videx64.sys Windows cannot verify the digital signature for this file."
Promise has stated themselves:
Promise wrote: No we do not have or plan to release 64 bit drivers that will allow your 378 chipset to work as a regular IDE drive as that chipset is RAID only and not dependent on the driver. Moreover all driver support for this product is not available thru promise because this chipset is imbedded on your mainboard. This will need to be supported thru your mainboard manufacturer
You have to register to view these, but I figured I might as well link them in case they're of any use in resolving this problem.
XP x64 driver link - http://www.planetamd64.com/index.php?automodule=downloads&showfile=850
Vista x64 driver link - http://www.planetamd64.com/index.php?automodule=downloads&showfile=1240
Other XP x64 / Vista x64 driver link - http://www.planetamd64.com/index.php?automodule=downloads&showfile=1291
Motherboard: Asus A8V Deluxe - http://www.asus.com/products4.aspx?modelmenu=2&model=238&l1=3&l2=15&l3=0
Chipset: Via K8T800PRO - http://www.via.com.tw/en/products/chipsets/k8-series/k8t800pro/
Regards, xslikx
October 22nd, 2007 7:03am

Hi All,
To answer Kane3162's question, the only setting in VistaBootPro that I used was to check the option to disable digital driver enforcement, but the PC would refuse to boot up again.
Hi, xslikx, my motherboard is ASUS SK8V, which has a similarly imbedded 378 Promise raid/IDE chipset for SATA connectors as your motherboard. I am using the IDE setup using the same driver that you mentioned, and it works fine for the two drives that are connected to these connectors. I have not tried them under raid setup, so I can't tell whether that setup works.
As you said, it would be nice to be able to get rid of digital driver enforcement during boot-up. It also means I can remotely re-boot the PC as well. Hope someone can come up with a solution.
Regards, Cukkas
P/s: Do you know a 64 bit driver for Canoscan scanner (model 8400F) that works under Windows Server 2008 64 bit?
October 22nd, 2007 9:59pm

Hey Cukkas,
That initially came out to me as a huge surprise that we're both dealing with the same Promise driver issue, but at the same time it doesn't surprise me that others are having problems with them as well.
I sent a technical inquiry to Asus last night and got a reply this morning regarding the Promise driver issue. Their reply was:
Asus Support Team wrote: Hello, Asus does not write driver software, we receive it from the hardware/chipset manufacturers of the components we use, and simply repackage them with the Asus installer/logos in some cases. You will need to contact Promise to see if/when such a driver may be available. Also, there is no plan at present to support Vista on any Socket 939 (A8 series) motherboard, in either 32 bit or 64 bit versions, largely due to a lack of solid driver support. Regards, Asus Support Team. Please do not reply to this message. If you need further assistance please call our technical support line at (812) 282-2787 Monday-Friday from 8:30am-Midnight EST.
So apparently I would just get the run-around by contacting either Promise or Asus about this driver.
Regarding the Canoscan scanner 8400F, you're best off trying either 8400F Scanner Driver Ver. 10.2.3.1a (Windows Vista64) 2007-10 or 8400F Scanner Driver Ver. 10.2.3.1a (Windows XP x64) 2007-10.
They can be found here - http://www.usa.canon.com/consumer/controller?act=ModelInfoAct&tabact=DownloadDetailTabAct&fcategoryid=351&modelid=10242
I see you've already tried one of them from this topic - http://forums.microsoft.com/TechNet/ShowPost.aspx?PostID=2285944 but it's probably worth trying the XP x64 version if the Vista x64 version isn't working for you on Server 2008 x64.
Either way it seems that Canon will fully support all Vista/Server2008 in the future, but as for Promise things look grim.
Regards, xslikx
October 23rd, 2007 1:58am

Has anybody here tried http://www.tweak-uac.com/ ? I was thinking of trying it out. Thanks, gargolita
November 4th, 2007 7:15am

Does anyone know how to resolve the problem? It's proving impossible to do remote re-booting of the server. Thank you. Cukkas
November 14th, 2007 7:50pm

Hi All,
I had a lightbulb moment while I was taking a shower last weekend: what if I use the hibernate function (which is a standard log off option in a laptop), and how will Windows Server 2008 respond? There is no hibernate switch in Windows Server 2008 log off, but you can try this string on a shortcut on the desktop:
rundll32.exe powrprof.dll, SetSuspendState
Log off by clicking on this shortcut, and the PC will hibernate. The next time you power on the PC, it switches on and recovers to its previous state, bypassing the driver enforcement check. No need for an F8 intervention anymore. It works for me. Let me know if it works for you too.
Regards, Cukkas
December 20th, 2007 1:50am

In the GA (General Availability) release Microsoft has announced that this is not going to be possible even by hitting F8. The digital signature enforcement will become turned on automatically and you will not be able to turn it off on bootup at all. This makes for real problems with enhanced drivers, and will force companies to work in greater detail to ensure they have Microsoft's signature or approval on drivers. The only way to make this work now is by hitting F8; turning it off by changing the settings in gpedit.msc or any other means such as cmd prompt will not work at all. It is always turned on by default on bootup.
December 27th, 2007 11:36pm

I just built a new home computer yesterday and, after installing the OS (I worked around in just the OS for several hours) then installing the drivers, the computer asked me to restart. I did and it came up with the black screen and "Windows failed to start.... File:\Windows\System32\drivers\sfsync04.sys, Status:0xc0000428, Info: Windows cannot verify the digital signature for this file." I was able to change my BIOS to reboot from the CDRom but all it did was put my first install into an ".old" file and completely reinstall Windows. I've added nothing else because I'm afraid it will just keep happening.
1. This isn't just a Server 2008 issue
2. This isn't just an upgrade issue - new build with Vista Home Prem 64bit SP1
3. Isn't just the Asus board - I have the Gigabyte GA-P35-DS3L motherboard but I can't tell you anything about Promise or even if the motherboard is faulty. (How do you know?)
4. Why should brand name drivers cause such a problem?
5. It obviously isn't the same file causing the problem but something inherent in the digital verification system.
Mobo: Gigabyte GA-p35-DS3L -- installed driver ... again, no driver installation yet for the second install
CPU: Intel Q6700
Vista Home Prem 64bit SP1 -- installed both times
eVGA 8800GTS 512mb KO -- installed driver 1st time
2x2G Crucial RAM
500G SATA Seagate HD
Creative Sound Blaster X-Fi Audio -- installed driver 1st time
2 SATA DVDRW drives
1 Floppy
Zerotherm BTF90
PC Power & Cooling 610W Silencer
Dell 2408WFP
Logitech diNovo keyboard -- installed software
Antec P182SE
MS Works 2006 -- installed software
USB Graphics Tablet (about 4 years old) -- installed driver/Corel Art Dabbler software
May 5th, 2008 11:19pm

I may have found a workaround - http://www.citadel.co.nr/readydriverplus/ I haven't tried it yet but it looks promising.
May 21st, 2008 12:28pm

Hi Cukkas,
Not sure if you're still having the issue on boot. I was having the same issue with a server with an AMD CPU in, but there is an extra command you need to type in the command prompt; after that it should boot up fine, but you do get a little message in the bottom left corner saying it's in test mode, but that's not a problem for me as it's just a test box anyway.
bcdedit -set TESTSIGNING ON
Hope that helps :)
December 29th, 2009 2:10pm
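
Added example, not part of any post in this thread: the settings suggested above (nointegritychecks, loadoptions DISABLE_INTEGRITY_CHECKS, TESTSIGNING) are stored in the boot configuration, so an administrator can audit saved `bcdedit /enum` output for entries where driver signature enforcement has been relaxed. The sample output is constructed, and its layout (title, dashed rule, "element value" lines, blank line between entries) is an assumption about what bcdedit prints.

```python
import re

# BCD elements named in this thread and the value that relaxes enforcement.
WEAKENING = {
    "testsigning": "yes", "nointegritychecks": "yes",
    "loadoptions": "disable_integrity_checks",
}
# Constructed sample in the layout of `bcdedit /enum` output (not from the thread).
SAMPLE = """\
Windows Boot Manager
--------------------
identifier              {bootmgr}
displayorder            {current}
                        {constructed-second-entry}

Windows Boot Loader
-------------------
identifier              {current}
nointegritychecks       Yes
testsigning             Yes

Windows Boot Loader
-------------------
identifier              {constructed-second-entry}
loadoptions             DISABLE_INTEGRITY_CHECKS
"""

def parse_bcd(text):
    """Return [(title, {element: value})] for each entry block in the output."""
    entries = []
    for block in re.split(r"\n\s*\n", text.strip()):
        lines = block.splitlines()
        if len(lines) < 2 or set(lines[1].strip()) != {"-"}:
            continue  # not a "title + dashed rule" entry block
        elements, last = {}, None
        for line in lines[2:]:
            if line[:1].isspace() and last:  # continuation of a multi-value element
                elements[last] += " " + line.strip()
            else:
                last, _, value = line.partition(" ")
                elements[last] = value.strip()
        entries.append((lines[0].strip(), elements))
    return entries

def audit(text):
    """Return (entry identifier, element, value) for every weakening setting."""
    return [(el.get("identifier", title), name, el[name])
            for title, el in parse_bcd(text) for name, bad in WEAKENING.items()
            if bad in el.get(name, "").lower()]
```

Calling audit() on the text of a real `bcdedit /enum` capture lists each boot entry that carries one of these settings; an empty list means none of the three is set.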

I've been using ready driver plus for a long time now, and it works great as long as you don't hit any buttons during the "F8" screen. The way it works is that it basically hits "F8" automatically and makes the proper selection automatically. The reason I'm on this board now is I just did an install of Windows 7 and I forgot the name of ReadyDriverPlus. For now, it is the best solution and it works.
January 3rd, 2010 9:51am

Instead of trying a workaround, why not try signing the drivers in question using signtool.exe from Microsoft?
SignTool
The SignTool tool is a command-line tool that digitally signs files, verifies signatures in files, or time stamps files. For information about why signing files is important, see Introduction to Code Signing. The tool is installed in the \Bin folder of the Microsoft Windows Software Development Kit (SDK) installation path. SignTool is available as part of the Windows SDK, which you can download from http://go.microsoft.com/fwlink/?linkid=84091.
Here is the syntax for SignTool:
signtool [Command][Options][FileName …]
The following commands are supported by SignTool.
I am not sure that this will work, as I have not had this problem so far; I was looking for information on another problem when I came across this, but thought maybe this might help.
Regards, Micro
May 24th, 2010 3:41am

Nope. All this lets you do is sign a driver package for submission to MS (along with results to prove your driver passes their qualification tests). For this, you need to purchase a certificate from Verisign, pay MS for the submission, actually get the driver to pass all the MS qualification tests (which is by far the most difficult part of the process, even if the driver works perfectly). Then MS verifies your test results and if all is OK, they in their turn sign your driver package. This last bit is what is required by the "digital driver enforcement" (your own signing will not be accepted)! :-( Joe.
August 10th, 2010 8:57am

How can you do this for Windows ??
April 24th, 2011 5:21pm

This topic is archived. No further replies will be accepted.
