Disable driver signature enforcement permanently in Windows 10

Yesterday, I wrote a tutorial how to disable driver signature requirement in Windows 10. The mentioned solution is not permanent as the driver signature enforcement will be restored after reboot. In this article, we will see how to disable the driver signature enforcement permanently in Windows 10.

To disable driver signature enforcement permanently in Windows 10, you need to do the following:

  1. Open an elevated command prompt instance.
  2. Type/paste the following text:
    bcdedit.exe /set nointegritychecks on

    Windows 10 disable driver signature enforcement

  3. Restart Windows 10.

This will disable the driver signature enforcement in Windows 10 permanently. This preference will be preserved even after the reboot. So, if you need to flash an Android phone or install some old or specific hardware drivers, you will be able to bypass the driver signature requirement.
To enable the driver signature enforcement back in Windows 10, type the following command in the elevated command prompt:

bcdedit.exe /set nointegritychecks off

That's it.


32 thoughts on “Disable driver signature enforcement permanently in Windows 10

  1. andivax


  2. marcello

    mi da questo erore:
    errore durante l’impostazione dei dati dell’elemento. Il valore è protetto dai criteri di avvio e non può essere modificato o eliminato


    I get this error:
    error setting item data. The value is protected by the start criteria and can not be modified or deleted

    1. Sergey Tkachenko Post author

      Elevated command prompt.
      Use elevated command prompt.
      Run as Administrator.

      1. marcello

        I followed all the steps
        elevated command prompt,
        run as Administrator

        1. Sergey Tkachenko Post author

          According to your error message, you have no administrator rights.

          1. Roel vd Heijden

            I get the same error even though I’m in an Administrator: Command Prompt. I even activated the windows created admin account and tried it there without luck. Any idea what else it could be?

            (Exact error:
            An error has occurred setting the element data.
            The value is protected by Secure Boot policy and cannot be modified or deleted.)

          2. Bob

            @Roel vd Heijden, go to your UEFI BIOS when the computer starts before Windows loads by pressing F10 or Del on the keyboard (or F12 – this key varies with each PC). Once in the BIOS, look for an option to disable Secure Boot. Save settings once it is disabled. Then you will be able to disable the driver signature enforcement.

  3. Jonas B.

    Hi Sergey!

    I have been looking for a solution since Windows 10 was released, but the command you tips on above, is ineffective in all Windows 10 installations that I have tested on.

    The following error message still appears when I try to install my driver:
    “This INF file comes from a third-party vendor and does not contain any information about digital signatures.”

    If I manually select the “Disable Driver Signature Enforcement” mode in the boot menu, then it is no problem to install and run my driver.

    The driver I have problem with can be downloaded here:

    Please feel free to test yourself and see that it does not work, even if you run your command first.

    1. Sergey Tkachenko Post author

      OK I will look.

      1. Jonas B.

        Well, have you found an explanation why your tip will not work with my driver?

  4. alohq

    any side effects by doing this?

    1. Sergey Tkachenko Post author

      Unless you will try install unstable drivers, where are no side effects.

  5. Julius

    Didn’t work. Despite it saying that the operation completed successfully, it still enforces driver signature checking for some reason.

  6. rd

    Great work ……..

  7. Zibri

    On windows 10 to install unsigned drivers you must enter BOTH these commands:

    bcdedit /set testsigning on
    bcdedit /set nointegritychecks on

    to disable:
    bcdedit /set testsigning off
    bcdedit /set nointegritychecks off

    to remove the keys:

    bcdedit /deletevalue testsigning
    bcdedit /deletevalue nointegritychecks

  8. Leonardo Silva

    Don’t recomend simply disabling the integrity check.

    Instead you can go to Windows Group Policy Editor (gpedit.msc)
    And go to:
    – Users Configurarion (or Computer Configuration to change for everyone)
    – Administrative Models
    – System
    – Driver Installation

    Double click Code Signature for Device Drivers
    Then select a more appropriate value.

    Default is – not configured.
    Enable it, then in Options, select “When windows detects an unsigned driver file”, just select to WARN you, instead of ignore or block.

    This way you ensure everytime an application installs unsigned drivers, it will warn you of potential problems/threats.

    1. Sergey Tkachenko Post author

      Thanks for heads up.

    2. Graham

      The setting isn’t supported on >2003

  9. Meer Cat

    @Leonardo Silva…thank you for your gpedit.msc solution…exactly what I was look for….:)

    1. Captain

      NONE of those options works under Windows 10 Anniversary Edition version 1607 !!!

  10. Pete H

    This has never worked. This didn’t work in Windows 7 and it won’t work in Windows 10.

    Readydriver+ was the only way to do it in Windows 7, but it doesn’t work on Windows 10. So thanks Microsoft, you [censored] us again.

  11. Walt

    Do you need this just to installed an unsigned (old) driver? Or do you need to keep in in this disabled mode, even later when you are simply using these already installed drivers?

    1. Sergey Tkachenko Post author

      Usually I use this mode to install an unsigned driver for my Android phone to update its firmware/install a custom Rom.
      Once the driver is installed, I use the normal mode.

  12. S.Jeursen

    Commands “ bcdedit /set testsigning on“ , “bcdedit /set nointegritychecks off “ , “ bcdedit.exe /set nointegritychecks off“ are not possible to use in OS: Win10, Version 1703, BUILD 15063.483 or Version 1703, BUILD 15063.502 . Therefor you have to “disable Secure Boot (in computer’s UEFI)“.
    From the moment that you “enable Secure Boot“ the settings
    “bcdedit /set testsigning on“ , “bcdedit /set nointegritychecks off “ ect
    are overruled by OS W10.

  13. knox

    after doing all highlighted instructions I have a positive result. thanks a lot

  14. Enya Ribba

    Try This in Windows 10 1809:

    (To disable)

    bcdedit -set loadoptions DISABLE_INTEGRITY_CHECKS

    bcdedit -set TESTSIGNING ON

    (to Enable)

    bcdedit -set loadoptions ENABLE_INTEGRITY_CHECKS

    bcdedit -set TESTSIGNING OFF

  15. ADG

    You have to disable Secure boot in the UEFI CMOS Setup, to use those boot commands like

    bcdedit -set TESTSIGNING OFF
    bcdedit -set TESTSIGNING ON
    bcdedit -set TESTSIGNING ON
    bcdedit -set TESTSIGNING ON
    bcdedit -set TESTSIGNING ON
    however, this works in secure boot at the prompt

    bcdedit -set loadoptions ENABLE_INTEGRITY_CHECKS
    bcdedit -set loadoptions TestSigning OFF

    whether it actually works when rebooting.. Don’t know yet, haven’t tried it.

  16. Cameron Moody

    I keep getting this message when all I’m doing is following the instructions on this page:
    C:\Users\clove>bcdedit.exe /set nointegritychecks on
    The boot configuration data store could not be opened.
    Access is denied.

    1. Sergey Tkachenko Post author

      open cmd.exe as administrator.

  17. Rohit Kumar Rai

    After executing above file.
    It is showing that
    The value is protected by secure boot policy and cannot be modified.

    How can i Change this policy if possible?

  18. Tanmoy Biswas

    I did this same but they said that access is denied.so what can i do now?

    1. Sergey Tkachenko Post author

      It needs an elevated console instance. Run cmd.exe as Administrator.


Leave a Reply

Your email address will not be published. Required fields are marked *