Does your organization require that you control the deployment of device drivers to only those that have been tested and approved for use? Are your users prevented from downloading device drivers from Windows Update for that (or other reasons)?  If so, the new Device Management and Installation Step-by-Step Guide: Signing and Staging Device Drivers in Windows 7 and Windows Server 2008 R2 was written for you!

By using Group Policy, you can configure your client computers to only get device drivers from locations that you specify. Even if your users are not administrators, they can install these drivers securely without needing administrator privileges. To allow for this, and keep it secure, the device driver packages that you deploy must be properly prepared. The preparation includes digitally signing the driver package.

To try it out in a simple lab setting, follow the steps in this guide to set up a single computer running the Release Candidate version of Windows 7 or Windows Server 2008 R2.  The guide shows you how to sign the driver package, post it on a network share, and configure the client to automatically access the device driver from that location whenever the associated hardware is detected. You can use either a real computer or a virtual machine.

There is also a version of the guide that shows how to do the same thing with Windows Vista. The process of signing and staging drivers for an administrator is virtually identical, but the user interface has changed significantly from Windows Vista to Windows 7, so a new version of the guide was created.

The means to securely manage and deploy the device driver software used by computers in your organization is much easier than you might suspect. Give it a try today!

Dave Bishop
Senior Technical Writer
Windows Server User Assistance Networking Writing Team