Windows supports the Plug and Play specifications that define how a computer can detect and configure newly added hardware and automatically install the device driver. Prior to Plug and Play, users needed to manually configure devices before attaching them to the computer.
Plug and Play hardware, combined with a Plug and Play–compatible operating system such as Windows Vista® and Windows Server® 2008, allows a user to plug in the hardware; Windows then searches for an appropriate device driver package and automatically configures it to work without interfering with other devices.
Because device driver software runs as if it is a part of the operating system with unrestricted access to the entire computer, it is critical that only known and authorized device drivers be permitted. To support this requirement for security, Windows Vista and Windows Server 2008 break the installation process into two steps:
Device installation in Windows
Device and device driver installation in Windows Vista and Windows Server 2008 operates as shown in the following diagram. "PnP" in the diagram refers to the Plug and Play service running in Windows. If any of the described security checks fail, or if an appropriate device driver package cannot be found, then the process stops.
1. When a user inserts a device, Windows detects the new hardware and signals the Plug and Play service to make the device
2. Plug and Play identifies the device.
3. Plug and Play searches the driver store for a driver package that matches the device. If a matching package is not found, go to step 4. If a matching package is found, skip to step 8.
4. Windows searches for a matching driver package by looking in the following locations, stopping as soon as a matching package is
   - Searching folders specified by the DevicePath registry entry. For more information, see Configure Windows to Search Additional Folders for Device Drivers.
   - Searching the Windows Update Web site. For more information, see Configure Windows to Search Windows Update for Device Drivers.
   - Prompting the user for media.
5. Windows checks that the user has permission to place the driver package in the driver store. The user must have administrator credentials, or computer policy must be set to allow standard users to install devices that have this identifier. For more information about this policy, see Configure Computer Policy to Allow Non-Administrators to Install Specific
6. Windows checks that the driver package has a valid digital signature. If the driver package is signed by a certificate that is valid, but not found in the Trusted Publishers store, then Windows prompts the user for confirmation.
7. Windows places a copy of the driver package in the driver
8. PnP copies the driver files from the driver store to their operational locations, typically
9. PnP configures the registry to instruct Windows how to use the newly installed drivers.
10. PnP starts the newly installed drivers. This step is repeated at each computer restart to reload the drivers.
In Windows Vista and Windows Server 2008, the process described in steps 3 through 7 is referred to as staging. During staging, Windows performs security checks, and then places the driver package in a secure location so it can be accessed by the Plug and Play service. In Windows Vista and Windows Server 2008, staging can be performed by an administrator as a separate step. For more information, see Stage a Device Driver in the Driver Store.
If you are an administrator for multiple computers, staging the device driver packages for your users provides significant benefit. Windows performs all of the required security checking during staging, including the verification of administrator rights and validation of digital signatures. After a driver package has been successfully staged, any user that logs on to that computer can install the drivers in the driver store by simply plugging in the appropriate device. There are no prompts, and no special permissions are required. The user simply plugs in the device and it works, without administrator or help desk intervention.
For more information about the driver store and the staging process, see Device Management and Installation Step-by-Step Guide: Signing and Staging Device Drivers (http://go.microsoft.com/fwlink/?LinkId=140049).
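
The staging checks described above rely on two pieces of machine configuration: the folders named in the DevicePath registry entry and the contents of the Trusted Publishers store. The following PowerShell audit is an added example, not part of the original documentation. The registry key path, the certificate store path, and the list of SIDs expected to hold write access are assumptions based on standard Windows locations.

```powershell
# Added example (not from the original page). Reviews two trust inputs to staging:
# the DevicePath search folders and the machine Trusted Publishers store.
# Assumed standard locations: HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion
# (DevicePath value) and Cert:\LocalMachine\TrustedPublisher.

$key     = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion'
$raw     = (Get-ItemProperty -Path $key -Name DevicePath).DevicePath
$folders = [Environment]::ExpandEnvironmentVariables($raw) -split ';' |
    ForEach-Object { $_.Trim() } | Where-Object { $_ }

# SIDs expected to hold write access: SYSTEM, Administrators, TrustedInstaller.
$expected = @(
    'S-1-5-18',
    'S-1-5-32-544',
    'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'
)

# Rights that allow adding or altering files, plus GENERIC_WRITE and GENERIC_ALL.
$writeMask = [int][System.Security.AccessControl.FileSystemRights]'Write, Delete, ChangePermissions, TakeOwnership' -bor 0x50000000

foreach ($folder in $folders) {
    if (-not (Test-Path -LiteralPath $folder)) {
        Write-Warning "DevicePath entry does not exist: $folder"
        continue
    }
    $acl   = Get-Acl $folder
    $rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])
    foreach ($rule in $rules) {
        # Skip ACEs that only apply to child objects, not to the folder itself.
        $inheritOnly = ([int]$rule.PropagationFlags -band 2) -ne 0
        $canWrite    = ([int]$rule.FileSystemRights -band $writeMask) -ne 0
        if ($rule.AccessControlType -eq 'Allow' -and $canWrite -and -not $inheritOnly -and
            $expected -notcontains $rule.IdentityReference.Value) {
            [pscustomobject]@{
                Folder = $folder
                Sid    = $rule.IdentityReference.Value
                Rights = $rule.FileSystemRights
            }
        }
    }
}

# Publishers whose signed packages stage without the confirmation prompt.
Get-ChildItem Cert:\LocalMachine\TrustedPublisher |
    Select-Object Subject, Thumbprint, NotAfter
```

Any row from the first loop is a principal outside the expected set that can write to a folder Windows searches for driver packages; each certificate in the second listing should correspond to a publisher the organization deliberately trusts.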