Overview of Installing Private Builds of Inbox Drivers
Starting with Windows Vista, when a Plug and Play (PnP) device is installed on a computer system, Windows selects a driver based on several factors, such as the hardware ID or compatible ID, date, and version. Windows analyzes these factors to assign a rank that indicates how well the driver matches the device. The lower the rank, the better a match the driver is for the device.
Also, starting with Windows Vista, if a driver has a signature from a Windows signing authority (Microsoft signature), Windows ranks it better than another driver for the same device that was signed with:
A third-party release signature. This type of signature is generated by using a Software Publisher Certificate that is obtained from a third-party certification authority (CA) authorized by Microsoft to issue such certificates.
The Microsoft signature types include the following:
Premium WHQL signatures and standard WHQL signatures
Signatures for inbox drivers
Windows Sustained Engineering (Windows SE) signatures
A WHQL signature for a Windows version that is the same or later than the Windows version that is specified by the LowerLogoVersion value that is set for the device setup class of a driver
Note Even if a driver that has a third-party signature is a better match for the device, Windows selects the driver that has a Microsoft signature. Using a publisher identity certificate [PIC] for the third-party signature does not change this behavior.
Starting with Windows Vista, the AllSignersEqual Group Policy controls how Windows ranks Microsoft-signed drivers and third party-signed drivers. When AllSignersEqual is enabled, Windows treats all Microsoft signatures and third-party signatures as equal with respect to rank when selecting the driver that is the best match for a device.
Note In Windows Vista and Windows Server 2008, the AllSignersEqual Group Policy is disabled by default. Starting with Windows 7, this Group Policy is enabled by default.
To install a private build of an inbox driver, you must do the following:
Build a private version of the inbox driver. You must ensure that the private build outranks the Microsoft-signed version when signatures are treated equally. The private build must also be digitally signed by using tools that are provided with the WDK.
For more information, see Creating a Private Build of an Inbox Driver.
Enable the AllSignersEqual Group Policy on the target system so that the operating system views all Microsoft signature types and third-party signatures as equal in rank when it selects the driver that is the best match for a device.
For more information, see Configuring Windows to Rank Driver Signatures Equally.
For more information about how Windows ranks drivers, see How Windows Selects Drivers.