enter display name hereenter description hereAllow administrators to override Device Installation Restriction policiesThis policy setting allows you to determine whether members of the Administrators group can install and update the drivers for any device, regardless of other policy settings.
If you enable this policy setting, members of the Administrators group can use the Add Hardware wizard or the Update Driver wizard to install and update the drivers for any device. If you enable this policy setting on a remote desktop server, the policy setting affects redirection of the specified devices from a remote desktop client to the remote desktop server.
If you disable or do not configure this policy setting, members of the Administrators group are subject to all policy settings that restrict device installation.Prioritize all digitally signed drivers equally during the driver ranking and selection processThis policy setting allows you to determine how drivers signed by a Microsoft Windows Publisher certificate are ranked with drivers signed by other valid Authenticode signatures during the driver selection and installation process. Regardless of this policy setting, a signed driver is still preferred over a driver that is not signed at all.
If you enable or do not configure this policy setting, drivers that are signed by a Microsoft Windows Publisher certificate and drivers that are signed by other Authenticode certificates are prioritized equally during the driver selection process. Selection is based on other criteria, such as version number or when the driver was created.
If you disable this policy setting, drivers that are signed by a Microsoft Windows Publisher certificate are selected for installation over drivers that are signed by other Authenticode certificates.Device InstallationAllow installation of devices using drivers that match these device setup classesThis policy setting allows you to specify a list of device setup class globally unique identifiers (GUIDs) for device drivers that Windows is allowed to install. Use this policy setting only when the "Prevent installation of devices not described by other policy settings" policy setting is enabled. Other policy settings that prevent device installation take precedence over this one.
If you enable this policy setting, Windows is allowed to install or update device drivers whose device setup class GUIDs appear in the list you create, unless another policy setting specifically prevents installation (for example, the "Prevent installation of devices that match these device IDs" policy setting, the "Prevent installation of devices for these device classes" policy setting, or the "Prevent installation of removable devices" policy setting). If you enable this policy setting on a remote desktop server, the policy setting affects redirection of the specified devices from a remote desktop client to the remote desktop server.
If you disable or do not configure this policy setting, and no other policy setting describes the device, the "Prevent installation of devices not described by other policy settings" policy setting determines whether the device can be installed.Prevent installation of devices using drivers that match these device setup classesThis policy setting allows you to specify a list of device setup class globally unique identifiers (GUIDs) for device drivers that Windows is prevented from installing. This policy setting takes precedence over any other policy setting that allows Windows to install a device.
If you enable this policy setting, Windows is prevented from installing or updating device drivers whose device setup class GUIDs appear in the list you create. If you enable this policy setting on a remote desktop server, the policy setting affects redirection of the specified devices from a remote desktop client to the remote desktop server.
If you disable or do not configure this policy setting, Windows can install and update devices as allowed or prevented by other policy settings.Policy settings that control the installation of devices.Allow installation of devices that match any of these device IDsThis policy setting allows you to specify a list of Plug and Play hardware IDs and compatible IDs for devices that Windows is allowed to install. Use this policy setting only when the "Prevent installation of devices not described by other policy settings" policy setting is enabled. Other policy settings that prevent device installation take precedence over this one.
If you enable this policy setting, Windows is allowed to install or update any device whose Plug and Play hardware ID or compatible ID appears in the list you create, unless another policy setting specifically prevents that installation (for example, the "Prevent installation of devices that match any of these device IDs" policy setting, the "Prevent installation of devices for these device classes" policy setting, or the "Prevent installation of removable devices" policy setting). If you enable this policy setting on a remote desktop server, the policy setting affects redirection of the specified devices from a remote desktop client to the remote desktop server.
If you disable or do not configure this policy setting, and no other policy setting describes the device, the "Prevent installation of devices not described by other policy settings" policy setting determines whether the device can be installed.Prevent installation of devices that match any of these device IDsThis policy setting allows you to specify a list of Plug and Play hardware IDs and compatible IDs for devices that Windows is prevented from installing. This policy setting takes precedence over any other policy setting that allows Windows to install a device.
If you enable this policy setting, Windows is prevented from installing a device whose hardware ID or compatible ID appears in the list you create. If you enable this policy setting on a remote desktop server, the policy setting affects redirection of the specified devices from a remote desktop client to the remote desktop server.
If you disable or do not configure this policy setting, devices can be installed and updated as allowed or prevented by other policy settings.Configure device installation time-outThis policy setting allows you to configure the number of seconds Windows waits for a device installation task to complete.
If you enable this policy setting, Windows waits for the number of seconds you specify before terminating the installation.
If you disable or do not configure this policy setting, Windows waits 300 seconds for a device installation task to complete before terminating the installation.Prevent installation of removable devicesThis policy setting allows you to prevent Windows from installing removable devices. A device is considered removable when the driver for the device to which it is connected indicates that the device is removable. For example, a Universal Serial Bus (USB) device is reported to be removable by the drivers for the USB hub to which the device is connected. This policy setting takes precedence over any other policy setting that allows Windows to install a device.
If you enable this policy setting, Windows is prevented from installing removable devices and existing removable devices cannot have their drivers updated. If you enable this policy setting on a remote desktop server, the policy setting affects redirection of removable devices from a remote desktop client to the remote desktop server.
If you disable or do not configure this policy setting, Windows can install and update device drivers for removable devices as allowed or prevented by other policy settings.Device Installation RestrictionsPolicy settings that describe which devices can or cannot be installed.Prevent creation of a system restore point during device activity that would normally prompt creation of a restore pointThis policy setting allows you to prevent Windows from creating a system restore point during device activity that would normally prompt Windows to create a system restore point. Windows normally creates restore points for certain driver activity, such as the installation of an unsigned driver. A system restore point enables you to more easily restore your system to its state before the activity.
If you enable this policy setting, Windows does not create a system restore point when one would normally be created.
If you disable or do not configure this policy setting, Windows creates a system restore point as it normally would.Allow remote access to the Plug and Play interfaceThis policy setting allows you to allow or deny remote access to the Plug and Play interface.
If you enable this policy setting, remote connections to the Plug and Play interface are allowed.
If you disable or do not configure this policy setting, remote connections to the Plug and Play interface are not allowed.Prevent installation of devices not described by other policy settingsThis policy setting allows you to prevent the installation of devices that are not specifically described by any other policy setting.
If you enable this policy setting, Windows is prevented from installing or updating the device driver for any device that is not described by either the "Allow installation of devices that match any of these device IDs" or the "Allow installation of devices for these device classes" policy setting.
If you disable or do not configure this policy setting, Windows is allowed to install or update the device driver for any device that is not described by the "Prevent installation of devices that match any of these device IDs," "Prevent installation of devices for these device classes," or "Prevent installation of removable devices" policy setting.Display a custom message title when device installation is prevented by a policy settingThis policy setting allows you to display a custom message title in a notification when a device installation is attempted and a policy setting prevents the installation.
If you enable this policy setting, Windows displays the text you type in the Main Text box as the title text of a notification when a policy setting prevents device installation.
If you disable or do not configure this policy setting, Windows displays a default title in a notification when a policy setting prevents device installation.Display a custom message when installation is prevented by a policy settingThis policy setting allows you to display a custom message to users in a notification when a device installation is attempted and a policy setting prevents the installation.
If you enable this policy setting, Windows displays the text you type in the Detail Text box when a policy setting prevents device installation.
If you disable or do not configure this policy setting, Windows displays a default message when a policy setting prevents device installation.Driver InstallationAllow non-administrators to install drivers for these device setup classesThis policy setting specifies a list of device setup class GUIDs describing device drivers that non-administrator members of the built-in Users group may install on the system.
If you enable this policy setting, members of the Users group may install new drivers for the specified device setup classes. The drivers must be signed according to Windows Driver Signing Policy, or be signed by publishers already in the TrustedPublisher store.
If you disable or do not configure this policy setting, only members of the Administrators group are allowed to install new device drivers on the system.Policy settings controlling the installation of device drivers on the system.BlockIgnoreWarnCode signing for device driversDetermines how the system responds when a user tries to install device driver files that are not digitally signed.
This setting establishes the least secure response permitted on the systems of users in the group. Users can use System in Control Panel to select a more secure setting, but when this setting is enabled, the system does not implement any setting less secure than the one the setting established.
When you enable this setting, use the drop-down box to specify the desired response.
-- "Ignore" directs the system to proceed with the installation even if it includes unsigned files.
-- "Warn" notifies the user that files are not digitally signed and lets the user decide whether to stop or to proceed with the installation and whether to permit unsigned files to be installed. "Warn" is the default.
-- "Block" directs the system to refuse to install unsigned files. As a result, the installation stops, and none of the files in the driver package are installed.
To change driver file security without specifying a setting, use System in Control Panel. Right-click My Computer, click Properties, click the Hardware tab, and then click the Driver Signing button.Time (in seconds) to force reboot when required for policy changes to take effectThis policy setting establishes the amount of time (in seconds) that the system will wait to reboot in order to enforce a change in device installation restriction policies.
If you enable this policy setting, set the amount of seconds you want the system to wait until a reboot.
If you disable or do not configure this policy setting, the system does not force a reboot.
Note: If no reboot is forced, the device installation restriction right will not take effect until the system is restarted.Allow installation of devices using drivers for these device classes:To create a list of device classes, click Show. In the Show Contents dialog box, in the Value column,type a GUID that represents a device setup class(for example, {25DBCE51-6C8F-4A72-8A6D-B54C2B4FC835}).Prevent installation of devices using drivers for these device setup classes:To create a list of device classes, click Show. In the Show Contents dialog box, in the Value column,type a GUID that represents a device setup class(for example, {25DBCE51-6C8F-4A72-8A6D-B54C2B4FC835}).Also apply to matching devices that are already installed.Allow installation of devices that match any of these Device IDs:To create a list of devices, click Show. In the Show Contents dialog box, in the Value column,type a Plug and Play hardware ID or compatible ID(for example, gendisk, USB\COMPOSITE, USB\Class_ff).Prevent installation of devices that match any of these Device IDs:To create a list of devices, click Show. In the Show Contents dialog box, in the Value column,type a Plug and Play hardware ID or compatible ID(for example, gendisk, USB\COMPOSITE, USB\Class_ff).Also apply to matching devices that are already installed.Device Installation Timeout (in seconds)Reboot Timeout (in seconds)Enter the text you wish users to see (Max 63 chars)Enter the text you wish users to see (Max 128 chars)Allow Users to install device drivers for these classes:To create a list of device classes, click Show. In the Show Contents dialog box, in the Value column,type a GUID that represents a device setup class(for example, {25DBCE51-6C8F-4A72-8A6D-B54C2B4FC835}).When Windows detects a driver file without a digital signature: