Dela via


Device Driver Packages

You can add driver packages to a Windows image before, during, or after you deploy the image. When planning how to add driver packages to your Windows deployment, it's important to understand how driver packages are added to the image, how driver ranking affects deployment, and the digital signature requirements for driver packages.

Adding Driver Packages

You can add driver packages to a Windows image:

For more information, see Understanding Servicing Strategies.

Add driver packages before deployment on an offline Windows image by using DISM

Offline servicing is when you modify a Windows image entirely offline without booting the operating system. You can use DISM to add, remove, and enumerate driver packages on an offline Windows or Windows PE image. DISM is installed with Windows and is also distributed in the Windows Assessment and Deployment Kit (Windows ADK). For more information about DISM, see the DISM - Deployment Image Servicing and Management Technical Reference for Windows.

Note

You can't use DISM to remove inbox driver packages (driver packages that are installed on Windows by default), except for some network drivers. You can use it only to remove third-party or out-of-box driver packages.

If you're using DISM, you can add driver packages to an offline Windows image.

  • Driver packages that display the Designed for Windows logo are provided as .cab files. If you're using DISM for the installation, you must expand the .cab file before you install the driver package.

  • Drivers that are packaged within an installer can only be installed on a running Windows operating system. To install these types of drivers, you can add a custom command to an answer file to install the driver package. For more information, see Add a Custom Command to an Answer File.

    Note

    Running an installer to add drivers to an image is discouraged. If possible, extract the driver packages from the installer so you can use DISM to add them to your image.

For more information, see Add and Remove Drivers to an Offline Windows Image.

Add driver packages during an automated deployment by using Windows Setup and an answer file

You can use an unattended answer file to add driver packages to an image when you use Windows Setup for deployment. In this answer file, you can specify the path of a driver package (either network share or a local path) in the the Microsoft-Windows-PnpCustomizationWinPE or Microsoft-Windows-PnpCustomizationNonWinPE components. When you run Windows Setup and specify the name of the answer file, out-of-box driver packages are staged (added to the Driver Store on the image):

  • Use the windowsPE or offlineServicing configuration passes to add driver packages to a Windows image before the computer starts. You can also use this method to add driver packages that are needed to boot the system to a Windows image. For more information, see Add Device Drivers to Windows During Windows Setup. For more information about how Windows Setup works, see the Windows Setup Technical Reference.

  • To add driver packages that are needed to boot to Windows PE, use the windowsPE configuration pass.

Methods for adding driver packages by using Windows Setup include:

  • Using an answer file to add driver packages during the offlineServicing configuration pass of Setup.
  • Using an answer file to add driver packages during the windowsPE configuration pass of Setup.
  • For Windows Server, placing driver packages in the $WinPEDriver$ directory to be installed automatically during the windowsPE configuration pass of Setup. All drive letters with a value of C or greater are scanned for a $WinPEDriver$ directory. The drive must be accessible to the hard disk during Setup. Make sure that the drive does not require a storage driver to be loaded before it can be accessed.

For more information about these and other configuration passes, see Windows Setup Configuration Passes.

Add driver packages after deployment on a running operating system by using PnPUtil or an answer file

You can use the PnPUtil tool to add or remove driver packages on a running operating system. Alternatively, you can use an answer file to automate the installation of the driver packages when the computer is booted in audit mode. These methods can be helpful if you want to maintain a simple Windows image, and then add only the driver packages that are required for a specific hardware configuration. For more information about how to use audit mode, see Boot Windows to Audit Mode or OOBE.

Methods for adding driver packages online to a running operating system include these:

Driver packages for S mode

Driver packages in Windows S mode must meet certain requirements. See Windows 10 S driver requirements to learn about the types of driver packages you can add to Windows in S mode.

Managing Driver Folders

If you're adding multiple driver packages, you should create separate folders in your source location for each driver package or driver package category. This makes sure that there are no conflicts when you add driver packages that have the same file name. After the driver package is installed on the operating system, it's renamed to Oem*.inf to ensure unique file names in the operating system. For example, the staged drivers named MyDriver1.inf and MyDriver2.inf may be renamed to Oem0.inf and Oem1.inf after they're installed.

When you specify a device-driver path in an answer file, all .inf driver packages in the specified directory and subdirectories are added to the Driver Store of the Windows image. For example, if you want all of the driver packages in the C:\MyDrivers\Networking, C:\MyDrivers\Video, and C:\MyDrivers\Audio directories to be available in your Windows image, specify the device-driver path, C:\MyDrivers, in your answer file. If you're not using an answer file, you can use the /recurse command in DISM. For more information about the /recurse command, see DISM Driver Servicing Command-Line Options. This command makes sure that all driver packages in each subdirectory will be added to the Driver Store in your Windows image.

If all driver packages in the specified directory and subdirectories are added to the image, you should manage the answer file or your DISM commands and these directories carefully. Do your best to address concerns about increasing the size of the image through unnecessary driver packages.

Understanding Driver Ranking

One of the most common issues in deploying driver packages happens when a driver package is successfully imported into the driver store but, after the system is online, PnP finds a better-ranking driver and installs that driver instead.

The Windows PnP manager ranks these driver package properties in order of importance:

  1. Signing
  2. PnP ID match
  3. Driver date
  4. Driver version

For example, if a driver package has a better PnP ID match but is unsigned, a signed driver package that has a compatible ID match takes precedence. An older driver package can outrank a newer driver package if the older driver package has a better PnP ID match or signature.

For more information about driver package ranking, see How Windows Ranks Drivers.

Understanding Digital Signature Requirements

Signed driver packages are a key security feature in Windows. Driver packages that are installed in a Windows image must have a digital signature.

All boot start driver service binary files must contain embedded signatures. For example, kernel mode .sys files that are critical for accessing the boot disk.

Driver binary file can be signed in two ways:

  • Boot start driver service binary files are digitally signed via a method called embedded signing. Embedded signatures improve boot loading performance. For driver binary files that are not part of a PnP driver package, signatures should be embedded so that they're not lost during an upgrade of the operating system. See Embedded Signatures in a Driver File to learn more about embedded signing.

  • Digitally signed PnP driver packages contain a catalog (.cat) file that's digitally signed. The catalog file contains a hash of all the files in the driver package's .inf file for installation. A signed catalog file is all that's required to correctly install most PnP driver packages.

See Driver Signing to learn more about signing drivers.

Additional Resources

These websites provide more information about driver package requirements: