For those of you who want to bypass the security dialog which occurs when installing non-MS-WHQL-signed drivers on Windows 7 64-bit (and Windows 8, 8.1), there was only a single solution for me that worked for scripted, automated, unattended or silent installations: import the certificates prior to install.
Follow these steps:
1. Install the software once manually by confirming that the unsigned drivers shall be used.
2. Go to %windir%\inf and search for the latest OEM??.INF file; open it (notepad) and verify by its contents that this is the driver you wish to install automatically next time.
3. Go to %windir%\system32\catroot\{any ID}\OEM??.CAT (<- same number as in step 2); right-click on this file, select Properties, go to the "Digital Signatures" tab, mark the certificate, click on Details.
4. On the next window click "Show Certificate".
5. On the next window open the "Details" tab and click "Save to File...".
6. Collect this/all certificates.
7. Deploy these certificates:
7a. either in a batch/cmd script using certutil.exe -f -addstore "TrustedPublisher" "MYFILE.cer" prior to setup
7b. or by Group Policies (computer \ Policies \ Windows \ Security \ Public Key Policies \ add your files here)
8. Finally, run your setup just the way you wanted :D
Note:
I was not able to bypass Windows driver signature checks on Windows 7 SP1 Enterprise x64 using:
Bcdedit.exe /set nointegritychecks ON
Bcdedit.exe /set testsigning ON
Bcdedit.exe /set loadoptions DDISABLE_INTEGRITY_CHECKS
Group Policy / Users / Settings / Administrative Templates / System / Drivers / Signature = ignore
Application Compatibility (ApplicationCompatibilityToolkitSetup.exe http://www.microsoft.com/download/en/details.aspx?id=7352): set NoSignatureCheck, Export DB, sdbinst -q \path\dbfile.sdb
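One way to script step 7a so that only the certificates you actually exported end up trusted (an added example, not part of the original answer; the folder, parameter names and thumbprint placeholder are assumptions). It uses the .NET X509Store class instead of certutil.exe so each file's thumbprint can be compared against a pinned list before anything is written to the machine's TrustedPublisher store.

```powershell
# Added example: run elevated, before the unattended setup.
# $CertDir and $AllowedThumbprints are hypothetical names; replace the placeholder
# with the thumbprint shown on the "Details" tab of the certificate you exported.
param(
    [string]$CertDir = '.\certs',
    [string[]]$AllowedThumbprints = @('<SHA1-THUMBPRINT-OF-EXPORTED-CERT>')
)
$ErrorActionPreference = 'Stop'

# The certificate dialog shows thumbprints with spaces; keep hex digits only.
$allowed = @($AllowedThumbprints | ForEach-Object {
    ($_ -replace '[^0-9A-Fa-f]', '').ToUpper()
})

$store = New-Object System.Security.Cryptography.X509Certificates.X509Store(
    [System.Security.Cryptography.X509Certificates.StoreName]::TrustedPublisher,
    [System.Security.Cryptography.X509Certificates.StoreLocation]::LocalMachine)
$store.Open([System.Security.Cryptography.X509Certificates.OpenFlags]::ReadWrite)
try {
    foreach ($file in Get-ChildItem -Path $CertDir -Filter '*.cer') {
        $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($file.FullName)
        $found = $store.Certificates.Find(
            [System.Security.Cryptography.X509Certificates.X509FindType]::FindByThumbprint,
            $cert.Thumbprint, $false)

        if ($allowed -notcontains $cert.Thumbprint) {
            $action = 'SKIPPED (thumbprint not in pinned list)'
        } elseif ($found.Count -gt 0) {
            $action = 'already in TrustedPublisher'
        } else {
            $store.Add($cert)
            $action = 'added to TrustedPublisher'
        }
        # One line per file for the deployment log.
        '{0}: {1} [{2}] expires {3:yyyy-MM-dd} -> {4}' -f `
            $file.Name, $cert.Subject, $cert.Thumbprint, $cert.NotAfter, $action
    }
}
finally {
    $store.Close()
}
```

Anything signed with a certificate in TrustedPublisher installs without the publisher prompt, so keep the pinned list as short as the deployment needs and review the store afterwards.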
If someone malicious already has administrator access, they'll already be able to do whatever harm they want. Stopping them from installing a printer driver achieves exactly nothing. – Harry Johnston – 2016-08-09T03:57:35.173
-1. Deploying software to numerous internal machines via an install script does not constitute a "virus", it's called "making my life easier". – Ryan_S – 2013-01-31T15:07:08.007
@Ryan_S You're missing the point. The reason you can't bypass it is that it's ambiguous as to whether someone is installing an unsigned driver legitimately or maliciously. – ta.speot.is – 2013-01-31T20:22:32.363
The real point is that you used to be able to turn that prompt off, which was super helpful. Now I have to write a fancy AutoIT script to hit OK! on all of those boxes. I'll concede that you have a point for 90% of situations though. – Ryan_S – 2013-01-31T20:29:49.760
@Ryan_S Let us know if AutoIT works out for you. – ta.speot.is – 2013-01-31T20:41:42.200