Disable driver signature enforcement permanently in Windows 10

Yesterday, I wrote a tutorial on how to disable the driver signature requirement in Windows 10. That solution is not permanent, as driver signature enforcement is restored after a reboot. In this article, we will see how to disable driver signature enforcement permanently in Windows 10.

To disable driver signature enforcement permanently in Windows 10, you need to do the following:

  1. Open an elevated command prompt instance.
  2. Type/paste the following text:
    bcdedit.exe /set nointegritychecks on

  3. Restart Windows 10.

This will disable driver signature enforcement in Windows 10 permanently. The preference is preserved across reboots. So, if you need to flash an Android phone or install some old or specific hardware drivers, you will be able to bypass the driver signature requirement.

To re-enable driver signature enforcement in Windows 10, type the following command in the elevated command prompt:

bcdedit.exe /set nointegritychecks off

That's it.
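To confirm afterwards that enforcement is back on, or to audit a machine for these settings, the boot entry can be read without changing it. The script below is an added example, not part of the original article: the function name and the sample output are constructed, English `bcdedit` output is assumed, and besides `nointegritychecks` it also flags the `testsigning` and `loadoptions DISABLE_INTEGRITY_CHECKS` settings that readers mention in the comments.

```powershell
# Added example: read-only audit of the boot settings discussed on this page.
function Get-DriverSigningFindings {
    param([string[]]$BcdLines)   # lines of `bcdedit /enum {current}` output
    $findings = @()
    foreach ($line in $BcdLines) {
        # bcdedit prints "<element>   <value>"; English "Yes"/"No" values are assumed
        if ($line -match '^\s*(nointegritychecks|testsigning)\s+(\S+)\s*$') {
            if ($Matches[2] -eq 'Yes') { $findings += "$($Matches[1]) is on" }
        }
        elseif ($line -match '^\s*loadoptions\s+.*DISABLE_INTEGRITY_CHECKS') {
            $findings += 'loadoptions contains DISABLE_INTEGRITY_CHECKS'
        }
    }
    return $findings
}

# Constructed sample output (not captured from a real machine)
$sample = @(
    'Windows Boot Loader',
    '-------------------',
    'identifier              {current}',
    'loadoptions             DISABLE_INTEGRITY_CHECKS',
    'testsigning             Yes',
    'nointegritychecks       Yes'
)
Get-DriverSigningFindings -BcdLines $sample

# Live check: needs an elevated prompt, otherwise bcdedit reports "Access is denied."
if ($env:OS -eq 'Windows_NT') {
    $live = & bcdedit.exe /enum '{current}' 2>&1 | ForEach-Object { "$_" }
    if ($LASTEXITCODE -ne 0) {
        'bcdedit failed (not elevated?): ' + ($live -join ' ')
    } else {
        $found = Get-DriverSigningFindings -BcdLines $live
        if ($found) { $found } else { 'No signature-enforcement overrides in {current}' }
    }
    # Confirm-SecureBootUEFI throws on legacy BIOS systems or without elevation
    try   { "Secure Boot enabled: $(Confirm-SecureBootUEFI -ErrorAction Stop)" }
    catch { 'Secure Boot state unavailable (legacy BIOS or not elevated)' }
}
```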


Author: Sergey Tkachenko


32 thoughts on “Disable driver signature enforcement permanently in Windows 10”

  1. I get this error:
    errore durante l’impostazione dei dati dell’elemento. Il valore è protetto dai criteri di avvio e non può essere modificato o eliminato

    Translated:
    error setting item data. The value is protected by the start criteria and can not be modified or deleted

          1. I get the same error even though I’m in an Administrator: Command Prompt. I even activated the windows created admin account and tried it there without luck. Any idea what else it could be?

            (Exact error:
            An error has occurred setting the element data.
            The value is protected by Secure Boot policy and cannot be modified or deleted.)

          2. @Roel vd Heijden, go to your UEFI BIOS when the computer starts before Windows loads by pressing F10 or Del on the keyboard (or F12 – this key varies with each PC). Once in the BIOS, look for an option to disable Secure Boot. Save settings once it is disabled. Then you will be able to disable the driver signature enforcement.

  2. Hi Sergey!

    I have been looking for a solution since Windows 10 was released, but the command you suggest above is ineffective in all Windows 10 installations that I have tested on.

    The following error message still appears when I try to install my driver:
    “This INF file comes from a third-party vendor and does not contain any information about digital signatures.”

    If I manually select the “Disable Driver Signature Enforcement” mode in the boot menu, then it is no problem to install and run my driver.

    The driver I have problem with can be downloaded here:
    https://dl.dropboxusercontent.com/u/28287582/USB-emulator_x64.zip

    Please feel free to test yourself and see that it does not work, even if you run your command first.

  3. Didn’t work. Despite it saying that the operation completed successfully, it still enforces driver signature checking for some reason.

  4. On Windows 10, to install unsigned drivers you must enter BOTH these commands:

    bcdedit /set testsigning on
    bcdedit /set nointegritychecks on

    to disable:
    bcdedit /set testsigning off
    bcdedit /set nointegritychecks off

    to remove the keys:

    bcdedit /deletevalue testsigning
    bcdedit /deletevalue nointegritychecks

  5. I don’t recommend simply disabling the integrity check.

    Instead you can go to Windows Group Policy Editor (gpedit.msc)
    And go to:
    – Users Configuration (or Computer Configuration to change for everyone)
    – Administrative Models
    – System
    – Driver Installation

    Double click Code Signature for Device Drivers
    Then select a more appropriate value.

    Default is – not configured.
    Enable it, then in Options, select “When Windows detects an unsigned driver file”, just select to WARN you, instead of ignore or block.

    This way you ensure every time an application installs unsigned drivers, it will warn you of potential problems/threats.

  6. This has never worked. This didn’t work in Windows 7 and it won’t work in Windows 10.

    Readydriver+ was the only way to do it in Windows 7, but it doesn’t work on Windows 10. So thanks Microsoft, you [censored] us again.

  7. Do you need this just to install an unsigned (old) driver? Or do you need to keep it in this disabled mode, even later when you are simply using these already installed drivers?

    1. Usually I use this mode to install an unsigned driver for my Android phone to update its firmware/install a custom Rom.
      Once the driver is installed, I use the normal mode.

  8. Commands “bcdedit /set testsigning on”, “bcdedit /set nointegritychecks off”, “bcdedit.exe /set nointegritychecks off” are not possible to use in OS: Win10, Version 1703, BUILD 15063.483 or Version 1703, BUILD 15063.502. Therefore you have to “disable Secure Boot (in computer’s UEFI)”.
    From the moment that you “enable Secure Boot” the settings
    “bcdedit /set testsigning on”, “bcdedit /set nointegritychecks off”, etc.
    are overruled by OS W10.

  9. Try This in Windows 10 1809:

    (To disable)

    bcdedit -set loadoptions DISABLE_INTEGRITY_CHECKS

    bcdedit -set TESTSIGNING ON

    (to Enable)

    bcdedit -set loadoptions ENABLE_INTEGRITY_CHECKS

    bcdedit -set TESTSIGNING OFF

  10. You have to disable Secure boot in the UEFI CMOS Setup, to use those boot commands like

    bcdedit -set TESTSIGNING OFF
    bcdedit -set TESTSIGNING ON
    bcdedit -set TESTSIGNING ON
    bcdedit -set TESTSIGNING ON
    bcdedit -set TESTSIGNING ON
    however, this works in secure boot at the prompt

    bcdedit -set loadoptions ENABLE_INTEGRITY_CHECKS
    bcdedit -set loadoptions TestSigning OFF

    whether it actually works when rebooting.. Don’t know yet, haven’t tried it.

  11. I keep getting this message when all I’m doing is following the instructions on this page:
    C:\Users\clove>bcdedit.exe /set nointegritychecks on
    The boot configuration data store could not be opened.
    Access is denied.

  12. After executing the above file, it shows:
    The value is protected by secure boot policy and cannot be modified.

    How can I change this policy, if possible?
