This article describes how to require users to have administrator privileges in Windows 2000 to add new hardware.

To increase security in Windows 2000, you may want to limit the number of users who can install hardware.

For devices to automatically install in the System context, the following criteria must be met:

•	The driver installation must not require a user interface.
•	All driver files must be present on the computer.
•	The driver package must be digitally signed.
•	No errors are returned from the first pass of installation.

Although you cannot circumvent this process by using a setting or a registry entry, you can cause one or more of the criteria in the list to be invalid to force the device installation into the User context. The easiest way to do this is to delete the Driver.cab file located in the %WINNTROOT%\Driver Cache\I386 folder. When you delete this cabinet file, you force the device installation out of the system context and into the user context. If the user is not a member of the local administrators group, they no longer have permissions to install hardware.

For more information, click the following article number to view the article in the Microsoft Knowledge Base: