How to Install & use unsigned drivers in Windows Vista/7 x64

Since I have just recently gone the x64 way, I had some issues with my audio driver (a SoundMAX ADI driver) on Windows 7. It installed perfectly, but it wouldn't load the driver because it wasn't properly signed (even though it should have been WHQL according to ASUS).
Couple of hours of googling later, I found a viable solution and though it would be a good idea to share it...

As you might know, or will learn now , starting with Windows Vista, MS decided to add an extra protection to x64 systems: Device Driver Signature Enforcement.
In other words you can install & use only MS certified drivers in your system. If you would install an unsigned or improperly signed driver then Windows would let you know that the driver is not signed and it would not load on the next boot (usually giving an error) or even not install at all.

Sure, this sounds like a worthy security upgrade, but small-time publishers might have financial issues getting a MS digitally signed driver for their app, which is pretty costly.
These kind of unsigned drivers can range from non-critical software drivers (like ATi Tools), to necessary firewall drivers (like Peer Guardian), to very useful Beta Audio and Video drivers that fix issues quickly (like SoundMAX, ATi and nVidia drivers) or even an expired digital certificate.

An easy way to load the unsigned driver is by pressing F8 during the boot sequence (just after POST, but before the Windows loading logo), which opens up the Advanced Boot Options list, and choosing the Disable Driver Signature Enforcement.
But it doesn't sound very fun to do this every time you boot the system, right?


----------------------------
Solution number 1
----------------------------

!! Works only on Windows Vista x64 pre-SP1 !!

Preliminary step:
Uninstall and delete the troublesome driver then reboot. No errors should pop up after booting into Windows!
If they do, use Device Manager to completely remove the faulty driver (right-click the device > Uninstall > in the message box tick 'Delete driver' and accept to uninstall the driver).
Please be careful when removing the device driver so you won't accidentally remove another device!
The device that has a faulty driver should show up with a yellow warning sign!

Now continue with the following:

1. Disable User Account Control (UAC) and reboot;
2. Go to Start and type cmd in the search box;
3. Right-click on cmd.exe (should be at the top of the list) and select Run as administrator;
4. In the newly created command prompt box, type the following (pressing enter after each line):
   
   Code:

   bcdedit /set testsigning on
   bcdedit /set loadoptions DDISABLE_INTEGRITY_CHECKS

   Note: DDISABLE is NOT a typo!
5. Install the problematic driver and reboot;
6. Your driver should now load successfully and you may now enable UAC!

----------------------------
Solution number 2
----------------------------

Applies to Windows Vista x64 (pre-SP1, SP1, SP2) and Windows 7 x64 (RC1)

1. Disable User Account Control (UAC) and reboot if you are using Vista;
2. Go to Start and type cmd in the search box;
3. Right-click on cmd.exe (should be at the top of the list) and select Run as administrator;
4. In the newly created command prompt box, type the following and press enter:
   
   Code:

   bcdedit /set loadoptions DDISABLE_INTEGRITY_CHECKS

   Note: DDISABLE is NOT a typo!
5. Go to NGOHQ.com and download the latest Driver Signature Enforcement Overrider (DSEO) or download it from TechSpot here ;
6. There is no need to install the app, just copy it to a safe location and run it;
7. Click next and please take your time to read the license agreement, then click 'Yes';
8. Optional: select How-to-use and click 'Next'.
   This will open a new browser page with information on this software and how to use it.
   Though it's useful, you might not fully understand the steps outlined there.
9. Select Enable Test Mode and click next;
10. Now select Sign a System File and click next;
11. In the text box, type the path and name of the file (see the example included), then click on OK to sign the driver;
    Note: see below if don't know what files need signing.
12. After being told that the file was signed successfully, continue signing the other files (if there are any left) and then reboot;
13. Your driver should now load successfully and you may now enable UAC!

----------------------------
Finding out what files to sign
----------------------------

There are a couple of ways to find out what files should be signed in case a device driver cannot start due to the driver not being digitally signed on a 64bit system.

The quickest way would be to open the Device Manager, selecting the problematic device (shown with a yellow warning sign) then right-clicking it > Properties > Driver > and clicking on Driver Details.
You should now have a list of all the driver files. The ones without the Digital Certificate icon should be the best bet.

Still not working?
Sometimes, like with my case, the conflicting file actually IS signed, but there is an issue with the certificate. Might be invalid, corrupted or expired.

You now have two ways to find out the "bad" file(s):

1. DON'T FIND OUT! Just sign all the files in the driver list with DSEO and you shouldn't have anymore issues.
2. What if there are a loooot of files in the list (like with graphics drivers) or Device Manager doesn't show the troubling device?
   This is more complicated, as it involves using Event Viewer to see the exact error:
   1. With the faulty driver still installed, reboot the PC;
   2. Now go to Start > Type Event Viewer and press Enter;
   3. In the left pane, expand Windows Logs and select System;
   4. Now right-click on it and select Filter Current Log...;
   5. Set these options and then click OK:
      
   6. After Event Viewer filters the log (might take a while), you should see one or more warnings.
      Look for those that sound something like:
      
      Code:

      The driver [name_of_driver]AddService failed to load for the device [name_of_device].

      While the name of the device might be more or less gibberish, the name of the driver should be the file(s) you're looking for.
      
      Just as an example, this is what Event Viewer turned out for me:
      

While there are quite a few other ways of bypassing the driver enforcement imposed by MS, like using bootable USB sticks or special CD's, I have found the above to be relatively easy
I hope this little guide might be of help to someone.
Feel free to come with questions/suggestions!

DiSCLAiMER:
I am not to be held responsible of any damage or loss of data on your PC if you can't follow simple steps!

Also, please be very careful when installing unsigned drivers, as you might install very dangerous malware!
My advice: always double-check the source and verify the application publisher.

Great post :grinthumb

I still work (mostly) with XP where installing signed/unsigned issue is a simple user policy setting. Didn't realize (till now) the configurable user policy is gone in Vista.

Anyway, I can tell you invested time and much thought into writing up your post. It's most helpful!

Captain828 said:

Go to NGOHQ.com and download the latest Driver Signature Enforcement Overrider (DSEO) ;

Click to expand...

If anyone had the same trouble as I did navigating around that site, trying to download Driver Signature Enforcement Overrider, here it is here: https://www.techspot.com/downloads/6205-driver-signature-enforcement-overrider.html

I found this direct link only by going here: http://www.forums3d.com/showthread.php?t=19725

I think ngohq.com, needs a little cleaning up, with its Driver Scanner ad being all over the place, it drove me crazy, until I thought forget it, I'll just Google this thing.