SECDRV.SYS Not Loading in Windows 10; this will break thousands of older games.

Here it is 2018 and this issue from 2015 still hasn't been resolved?

That doesn't speak well from Microsoft and concept of giving users the functionality they want. I don't want spyware, I don't want advertisements, and I really don't want your store up in my face because I am quite capable of navigating to a website to purchase your's or anybody else's software. What I want is an operating system that will run both my old and new games. Why is that so hard?

Since I got my first computer back in 1994 I had used Microsoft operating systems from MS DOS, Windows for Workgroups 1.1, Windows 95, Windows 98, Windows 2000 Pro, Windows XP Pro, Windows 8.0 Pro, downgraded to Windows 7 Pro when support for 8 ended and my old Pentium 4 couldn't even go to 8.1, and now after building a new computer (completed just a 5 days ago) I now have Windows 10 Pro. I am use to losing a few games and programs, which I really shouldn't be use to at all because these programs were written for Windows operating systems. One would think that Microsoft could offer some better backward compatibility with their older OS's and the programs written for those older OS's.

I was already feeling quite ripped off with Windows 8.0 and how soon they ended support for that OS. I didn't get 8 until a couple of months before support for XP ended and had less than 3 years of use on that OS. So thanks again Microsoft, Windows 10 has killed approximately 75% of my games library (that's the most I have ever lost with a change of OS) and I am not a happy camper (or user of your new operating system).

And we are just not talking about games here, I can't even get my simple Merriam-Webster Dictionary program (which did work on 8) to load because of this situation. I haven't checked my productivity software (video, sound, photo and web editing software) yet and I'm almost afraid to.

Now granted I am mainly a gamer but I do other things with my computer also. However, Microsoft should realize that gamers are a large part of their user base for their OS. If you piss gamers off by killing most of their games they are going to stop using Windows. You may laugh at that but all one has to do is to go onto Steam and see how many more games are now being written for Linux OS's. There are also some very good productivity software selections for the Linux OS's out there.

Myself, I guess I have to swallow this insult for now and run dual MS/Linux operating systems until I can make a complete transition to Linux. I'm an elderly person on Social Security and just can't afford to keep replacing software at this pace when I'd really like to be possibly exploring new software. I had to take out a loan just to build my new computer to replace the 12 year old Pentium 4.

Windows 10 has pushed me to this point. I'll say it again. I don't want spyware, I don't want advertisements, and I really don't want your store up in my face because I am quite capable of navigating to a website to purchase your's or anybody else's software. What I want is an operating system that will run both my old and new games. Why is that so hard?

Technically all you do is create a digital signature and install a program (driver: secdrv) that can then not be tampered with without you signing it again before it will ever start and that is able to start without a user present (run as a service) unless you leave it as demand start so you do need to give it a command to start every time you want it to.

The risk is not that the changes you make break your computer, but that they make your computer a bit less hardened against malicious software.

Nevertheless its likely safer this way than running NoCD cracks. Especially if you isolate that Windows installation by using a local account and BitLockering all your storage so that Windows installation can only acces its C:

Microsoft does provide a way to re-enable SECDRV.

• Install a game that brings (a recent version of) SECDRV.sys.
• Install the Windows 10 SDK from Get the standalone Windows 10 SDK. Just install all components, cuz who cares.
• Start PowerShell as Administrator.
• Find makecat.exe, makecert.exe and signtool.exe and add the path to your PATH:

dir -Directory -Path 'C:\Program Files (x86)\Windows Kits\10' -Recurse |

where BaseName -eq "x86" |

where { (dir $_.FullName -Filter makecert.exe) -ne $null } |

where { (dir $_.FullName -Filter makecat.exe) -ne $null } |

where { (dir $_.FullName -Filter signtool.exe) -ne $null } |

select -First 1 |

foreach { $env:Path = "$env:Path;$($_.FullName)" }

• The ones in a x86 subfolder are always OK on all Intel architecture chips. No need to match the hardware or the OS bitness.
• Create a new folder, copy SECDRV.sys in it. If it's an old version, use this one here. Its from September 2006.

mkdir "$env:USERPROFILE\Downloads\SECDRV" | Out-Null

cd "$env:USERPROFILE\Downloads\SECDRV"

• If it's an old version, use this one here. Its from September 2006.

curl -UseBasicParsing -Uri "https://github.com/ericwj/PsSecDrv/raw/master/tools/SECDRV/SECDRV.sys" -OutFile "SECDRV.sys"

• Enable test signing boot mode.

bcdedit /set "{current}" testsigning on

• Pick a subject for the certificate.

$Subject = "SECDRV.sys signing for $env:USERDOMAIN$env:USERNAME on $("{0:dd-MMM-yy HH:mm}" -f [datetime]::Now)"

• Create a root certificate.

makecert -r -sr LocalMachine -ss My -n "CN=$Subject"

• Open Local Machine Certificates.

certlm.msc

• Go to Personal, Certificates and select the certificate created, there usually is only one, or match the subject, right click Copy.
• Go to Trusted Root Certification Authorities, Certificates. Paste.
• Go to Trusted Publishers, Certificates. Paste.
• Make a text file called SECDRV.cdf in the folder and put this in it.

[CatalogHeader]

Name=SECDRV.cat

PublicVersion=0x1

EncodingType=0x00010001

CATATTR1=0x10010001:OSAttr:2:6.0

[CatalogFiles]

<hash>SECDRV=SECDRV.sys

• Make a driver catalog file in the folder.

makecat -o SECDRV.txt -r SECDRV.cdf

• Sign the driver. Use the thumbprint as shown in certlm for the certificate created, just double click it and look around, without spaces. Or get it in PowerShell with dir:

$Cert = dir Cert:\LocalMachine -Recurse | where Subject -Match ([regex]::Escape($Subject)) | select -First 1

$Thumbprint = $Cert.Thumbprint

signtool sign /sm /s Root /sha1 "$Thumbprint" /t "http://timestamp.verisign.com/scripts/timstamp.dll" secdrv.cat

• Install the driver.

signtool catdb /u secdrv.cat

• Reboot.
• Test if it works.

sc.exe start secdrv

If it doesn't work,

• one reason is the SECDRV.sys on your system is too old. Then the driver doesn't start.
• Another reason is Secure Boot is enabled. Run bcdedit again after disabling it.
• Another reason is you didn't reboot. You will have to reboot.
• On 64-bit systems, SECDRV might still report 'This driver is blocked from loading' if it is configured with C:\Windows\SysWOW64\drivers\SECDRV.sys as the binary path. To 1) verify and fix this, 2) copy SECDRV.sys and 3) change the binary path of the driver service:

sc.exe qc secdrv

copy C:\Windows\SysWOW64\drivers\SECDRV.sys C:\Windows\System32\drivers

sc.exe config secdrv binpath= C:\Windows\System32\drivers\SECDRV.sys

In PowerShell, don't omit the ".exe." in sc.exe. Nothing will appear to happen, but you will have ended up with a file called "start", "qc" or "config" that contains the text "secdrv" because sc is short for Set-Content...

Now play games.

Thanks, this enabled me to install and run the Sims Deluxe and it's various expansion packs without the need for a NoCD. Certain it will work with other games that require SECDRV.sys.

It's not perfect but this is the only way to restore full functionality with old discs. I wonder how severe the security vulnerability is though once this is enabled?

I don't doubt this will work but if i have to do all this I really don't want to take a chance it will cause a problem with my computer.