One of the most common reasons cited for granting administrative privileges to notebook users on Windows is the need to install drivers for new hardware when IT support isn’t available. Happily, Windows 7 has improved driver handling and it’s likely that when a new device is connected, it will either be supported out-of-the-box, i.e. a driver for the device is included with Windows 7, or a driver will be automatically downloaded from Windows Update and pre-staged into the driver store (c:windowssystem32driverstore) so it can be installed by a standard user.
Situations will always arise where the driver for a device is not available as part of Windows 7 or Windows Update, so if your organization has non-standard devices which users should be able to install without intervention from IT, there are several options for realizing this. Drivers should be included as part of your company’s standard OS deployment image, but where that’s not possible, the DevicePath registry value can be set so that the driver store can be updated with drivers located in custom directories.
When a new device is connected to Windows 7, the OS searches Windows Update for a suitable driver and failing that, the local driver store. If neither location turns up an appropriate driver, the last step is to search the path(s) specified in the DevicePath registry value.
In Windows 7, paths listed in the registry are considered trusted and standard users can pre-stage and install drivers from those locations. Any drivers you place in directories listed in the DevicePath value must be signed with a certificate trusted by the devices on which the drivers will be installed.
To add additional search paths to the DevicePath registry value:
- Type regedit in the Search programs and files box on the Start menu and press CTRL+SHIFT+ENTER to start Registry Editor with administrative privileges.
- Locate the DevicePath value under HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersion.
- The default search path is %SystemRoot%inf and you can add additional paths by double-clicking the DevicePath value in the right pane of Registry Editor to modify the string and add new paths separated with semi-colons. For example to search the default local path and a network location, in this example server1drivers, the string might look as follows: %SystemRoot%inf;server1drivers
You could also consider making network locations available offline so that notebook users can install drivers when not connected to the network.
Russell Smith, IT Consultant & Security MVP
Russell Smith specializes in the management and security of Microsoft-based IT systems. In addition to blogging about Windows and Active Directory for the Petri IT Knowledgebase, Russell is a Contributing Editor at CDW’s Biztech Magazine.
Russell has more than 15 years of experience in IT, has written a book on Windows security, co-authored one for Microsoft’s Official Academic Course (MOAC) series and has delivered several courses for Pluralsight.