Zebra Driver And Windows Hardware Validation 追蹤

0
Avatar
Legacy Poster

Hi Forum,

 

we are installing Windows 8 64bit in our environment. Each client can install local printerdrivers with no warnings (connect to a share / folder and choose INF-File). But with the Zebra Driver 7.3.3 and 7.3.4 each time an UAC warning appears:

 

Program Name: Printer Driver Software Installation

Verified Publisher: Microsoft Windows

....

Program Location: ...\ntprint.exe PSetupElevatedDriver....

 

Only a local administrator can confirm this window and install the printer. (Must users are not local administators)

 

Here is a snipped from the setupapi.dev.log (Installation from a local Administrator)

 

    sto:      {DRIVERSTORE IMPORT VALIDATE} 12:06:33.639
     sig:           {_VERIFY_FILE_SIGNATURE} 12:06:33.669
     sig:                Key      = zebra.inf
     sig:                FilePath = C:\WINDOWS\System32\DriverStore\Temp\{5057f073-c080-3049-aa76-244877039152}\zebra.inf
     sig:                Catalog  = C:\WINDOWS\System32\DriverStore\Temp\{5057f073-c080-3049-aa76-244877039152}\Zebra.cat
!    sig:                Verifying file against specific (valid) catalog failed! (0x800b0109)
     sig:           {_VERIFY_FILE_SIGNATURE exit(0x800b0109)} 12:06:33.764
     sig:           {_VERIFY_FILE_SIGNATURE} 12:06:33.765
     sig:                Key      = zebra.inf
     sig:                FilePath = C:\WINDOWS\System32\DriverStore\Temp\{5057f073-c080-3049-aa76-244877039152}\zebra.inf
     sig:                Catalog  = C:\WINDOWS\System32\DriverStore\Temp\{5057f073-c080-3049-aa76-244877039152}\Zebra.cat
     sig:                Success: File is signed in Authenticode(tm) catalog.
     sig:           {_VERIFY_FILE_SIGNATURE exit(0xe0000242)} 12:06:33.803
!    sig:           Driver package signer is unknown, but user trusts signer.
     sto:      {DRIVERSTORE IMPORT VALIDATE: exit(0x00000000)} 12:07:44.384
     sig:      Signer Score = 0x0F000000
     sig:      Signer Name  = Seagull Scientific, Inc
     sto:      {DRIVERSTORE IMPORT BEGIN} 12:07:44.393

 

I guess the two rows with the exclamation marks could be interesting.

 

Can you tell us, how our users can install this driver without local administration rights?

 

Thanks.
 

1 意見

0
Avatar
Domingo Rodriguez
版主
評論操作 永久連結

Our drivers have an Authenticode signature. Please try installing them first by installing them as follows:

 

1.      An IT admin will need to extract the Seagull Certificate file from the catalogue file (actually, any driver dll or exe can be used).

* Extracting the certificate:
* Locate the catalogue file, it can be found with the rest of the driver files and has the .cat extension.
* Right click on the cat file and click on 'Open'.
* Click on 'View Signature' button at the bottom of the dialog.
* Click on 'View Certificate' button.
* On the next dialog, click on the 'Details' tab at the top.
* Click on the 'Copy to file' button at the bottom
* Step through the export wizard. The user will need to provide a location and file name for the certificate, but the rest of the settings shouldn't need to be changed.

 

2.      Once the certificate is extracted, that certificate will need to be imported to the 'Trusted Publishers' key for the domain group policy.

* Importing the certificate into the group policy:
* Open the Group Policy Management application. “Start>Administrative Tools>Group Policy Management”.
* Locate and right click on the domain group policy, click on “Edit”.
* Select “Computer Configuration>Policy>Windows Settings>Security Settings>Public Key Policies”.
* Right click on the 'Trusted Publishers' and click on 'Import'.
* Step through the import wizard, provide the location and name of the certificate when asked then finish out the wizard. Other than the file, no other settings should need to be changed.

 

3.      Install the driver.

 

 

A few notes:

* After step 2 above, a reboot may be needed at this point.
* Once the certificate for Seagull is imported to the group policy, all drivers signed by Seagull will now install without the security prompts on any computer on that domain.

登入寫評論。