4

When I run pnputil.exe /add-driver driver.inf /install it prompts me to first verify the publisher. I need a way to skip this step and have the publisher be verified automatically.

mython paster

2 Answers

5

If you can run PowerShell as administrator, you can install the driver silently by pre-authorizing the certificate of the driver's publisher.

You need to find the certificate that was used to sign the driver and then import it into the LocalMachine\TrustedPublisher certificate store.

PowerShell has the Get-AuthenticodeSignature command to help you find the certificate: run it on some files in the driver to see if you can find a valid certificate. There usually should be a .cat file that is the driver catalog and that would be signed - check the .inf file as it will list the catalog in one of the first lines.

Then, first load the certificate into the trusted store, before running pnputil.exe. For example:

$signature = Get-AuthenticodeSignature driver.cat
$store = Get-Item -Path Cert:\LocalMachine\TrustedPublisher
$store.Open("ReadWrite")
$store.Add($signature.SignerCertificate)
$store.Close()
PnPutil.exe -i -a driver.inf

This should be able to run completely unattended.

EBGreen
Guss
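A more defensive form of the script in the answer above, as an added example that is not part of the original post: it trusts the signer only if the catalog signature validates and the certificate matches a thumbprint obtained from the vendor out of band. The parameter names and the thumbprint placeholder are assumptions; the file names are the ones used in the answer.

```powershell
#Requires -RunAsAdministrator
# Added example (not the answer author's code).
# Assumption: $ExpectedThumbprint is a placeholder; replace it with the
# publisher certificate thumbprint you obtained from the driver vendor.
param(
    [string]$InfPath = '.\driver.inf',
    [string]$CatPath = '.\driver.cat',
    [string]$ExpectedThumbprint = '<PUBLISHER-CERT-THUMBPRINT>'
)
$ErrorActionPreference = 'Stop'

$signature = Get-AuthenticodeSignature -FilePath $CatPath

# Stop if the catalog is unsigned, modified after signing, or signed by a
# certificate whose chain Windows cannot validate.
if ($signature.Status -ne 'Valid') {
    throw "Catalog signature is '$($signature.Status)': $($signature.StatusMessage)"
}

# Pin the publisher: never trust "whoever happened to sign this file".
$cert = $signature.SignerCertificate
$expected = $ExpectedThumbprint -replace '\s', ''
if ($cert.Thumbprint -ne $expected) {
    throw "Unexpected publisher: $($cert.Subject) [$($cert.Thumbprint)]"
}

$store = Get-Item -Path Cert:\LocalMachine\TrustedPublisher
$store.Open('ReadWrite')
try {
    # Add the certificate only if it is not already trusted.
    $present = $store.Certificates | Where-Object Thumbprint -eq $cert.Thumbprint
    if (-not $present) {
        $store.Add($cert)
        Write-Host "Added trusted publisher: $($cert.Subject)"
    }
}
finally {
    $store.Close()
}

# Same install command as in the question; surface its exit code to the caller.
pnputil.exe /add-driver $InfPath /install
Write-Host "pnputil exit code: $LASTEXITCODE"
exit $LASTEXITCODE
```

Anything added to LocalMachine\TrustedPublisher stays trusted for later installs by the same signer, so record the thumbprint you added and remove the entry if the publisher should no longer be pre-approved.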
1

The only way to accomplish this is to sign the driver inf file first with a certificate. This same certificate needs to be installed in the trusted root store before attempting to install the actual driver.

It would be very bad indeed if people could silently force install untrusted drivers.