Windows Server 2012 R2
Generated report with GPRESULT /H GPReport.html
I am interested in the Driver Signing Policy. My problem is that this setting is set to 1, however browsing the key from REGEDIT shows this setting is set to 00.
I am trying to look at this setting by editing the GPO, however I can't find it anywhere, I simply don't know how to get to it to modify it.
Anyone knows how to find it?
Ps. It's not in: Windows Settings / Security Settings / Local Policies / Security Options
Also, it's not an Administrative Template setting, so it's not in System / Driver Installation / Code signing for device drivers
I had a same experience for some other group policy setting where I came to know that when you do not have the corresponding ADMX and ADML tepmplates available, the GPO settings would appear as a registry value. You're also encountering the same situation.
For your information, as mentioned in this link about "Windows - Allowing unsigned drivers to install without a warning", this option is not available in all version of Windows.
I think you should get in touch with your system admin team for understanding how had they configured the group policy at the first hand. This Social TechNet answer here mentions that this setting can only be configured in previous supported version of Windows - Windows XP, Vista, Server 2003.
So, it appears that someone from the admin team might have configured this setting on older version of Windows OS. I doubt if you've such systems, but, to me it looks like the only option to resort to modify the value.
As mentioned above, the setting in this GPO is being overwritten by any other GPO setting, which might be getting inherited based on higher precedence, or maybe something is being enforced.
Since this setting appears to reflect only on the older version of Windows (as listed in the previous point above), I think it is tough to find out which GPO is overwriting and setting the value to 0! You can test a very old OS with same GPO (and OU placement) as of this system, and then you can probably get to know!
Good Luck!
Driver signing is configured using bcdedit, and has been enabled by default for about ten years. The registry values in that policy are for versions of Windows that are no longer supported.