I classified this as Windows 7 since Chris from this week’s 6292 class was asking about it’s use, so here it goes. Also can be used on any OS vista / Server 2008 and up!

     The contents below have been taken from a few sources, most notably THIS technet document

Device installation

A device is a piece of hardware with which Windows interacts to perform some function. Windows can communicate with a device only by using a piece of software called a device driver. Device and device driver installation in Windows Vista and Windows Server 2008 operate as shown in the following diagram. "PnP" in the diagram refers to the Plug and Play service running in Windows. If any of the described security checks fail, or if Windows cannot find an appropriate device driver package, then the process stops.

Flowchart - Windows device driver installation

Now how can we use PNPUtil to add drivers into that #3 step??

Steps for staging a device driver package in the driver store

Staging a device driver package in the driver store on the client computer ensures the smoothest user experience. After the signed driver package is in the driver store, Windows considers the package trusted. As long as you do not have a device installation restriction policy in effect for a specific device, the user can simply plug in the device and Windows silently installs the device driver.

Windows includes a tool called PnPUtil that you can use to manage the driver store, including adding driver packages, removing driver packages, and listing the driver packages that are in the store.

ImportantImportant

You can only run the PnPUtil tool from a command prompt that is running with elevated permissions. The tool cannot invoke the User Account Control dialog box. If you attempt to use the PnPUtil tool to add or remove packages from a command prompt that is not running as administrator, the command will fail.

Steps Outline: staging a device driver package in the driver store

Step 1: Attempt to stage an unsigned driver package

Step 2: Attempt to stage a signed, but improperly modified driver package

Step 3: Attempt to stage the properly signed driver package.

Step 4: Test installation of the staged driver package.

Step 1: Attempt to stage an unsigned driver package

Windows interrupts an attempt to install an improperly signed driver package.

To attempt staging of an unsigned driver package

  1. At the Build Environment command prompt with elevated permissions, temporarily rename the .cat file to effectively remove the signature from the driver package. Type the following command:

    Copy Code

    ren toaster.cat toaster.nosig
  2. Attempt to stage the unsigned package. At the command prompt running with elevated permissions, type the command:

    Copy Code

    pnputil.exe -a toastpkg.inf

    The Windows Security dialog box appears because the .inf file is not signed. Windows cannot match it against the certificates that are trusted by the computer.

  3. Click Don’t Install.

    The PnPUtil tool indicates that the staging operation failed:

    Copy Code

    Adding the driver package failed : A file could
    not be verified because it does not have an
    associated catalog signed via Authenticode(tm).
    Adding at least one driver package failed!
  4. Rename the catalog file back to its correct name. At the command prompt, type:

    Copy Code

    Ren toaster.nosig toaster.cat

Step 2: Attempt to stage a signed, but improperly modified driver package

Windows will also interrupt an attempt to install a driver package that has been modified after it was signed. Because the signature includes thumbprints for each file, making a change to any of the files in the package causes the validity check for the signature to fail.

To attempt staging a signed, but modified driver package

  1. Save a copy of the correct toastpkg.inf file. At the command prompt type:

    Copy Code

    Copy toastpkg.inf toastpkg.orig
  2. Modify toastpkg.inf so that its thumbprint is no longer valid. Open it in Notepad:

    Copy Code

    notepad toastpkg.inf
  3. With the cursor at the very beginning of the file, press Enter to add a blank line, and then save your changes and close Notepad.

  4. Attempt to stage the modified package. At the command prompt, type:

    Copy Code

    pnputil.exe -a toastpkg.inf

    Because the package was modified after being signed, the Windows Security dialog box appears, warning you that the signature is invalid.

  5. Click Don’t Install.

  6. Overwrite the modified .inf with the original. At the command prompt, type:

    Copy Code

    Copy /y toastpkg.orig toastpkg.inf

Step 3: Attempt to stage the properly signed driver package

To attempt staging a properly signed package

  1. Attempt to stage the package. At the command prompt, type:

    Copy Code

    pnputil.exe -a toastpkg.inf

    Because the signature attached to the package is valid, the files are unmodified, and the file thumbprints match the signature, Windows successfully stages the package, with no prompts. The output includes the published name with the OEM number that you can use to remove the driver package from the store later, if needed.

  2. Make note of the number assigned to your package.

    Copy Code

    Processing inf : toastpkg.inf
    Driver Package added successfully.
    Published name : oem4.inf

    noteNote

    The number assigned to your package might be different due to the number of driver packages that are already installed on your computer.

You can view the package in the store by running the PnPUtil tool with the -e (for ‘enumerate’) parameter.

To examine the package in the driver store

  1. At the command prompt, type:

    Copy Code

    pnputil.exe -e
  2. Look for the package with your OEM## listed in the output. Make note of this number because you might need it later. You can also see the version number and date that you entered in the .inf file.

    Copy Code

    Published name : oem4.inf
    Driver package provider : Toast´R´Us
    Class : Unknown driver class
    Driver verstion and date : 04/01/2006 9.9.9.9
    Signer name : MyCompany - for test use only

Advertisements