The features that control how devices are to be installed include the "allow" and "prevent" rules. If a "prevent" rule is enabled, the internal critical device database is bypassed for all devices and not just for devices to which the rules are directed. These rules have to be processed in the User-Mode component of Plug and Play. This means that the full installation of any new device driver is performed after the operating system is fully started. In other words, driver installation is incomplete until any such "allow" or "prevent" rules are processed. Therefore, a failure to start the operating system is possible and is in fact expected. For example, such a failure may occur with the installation of a driver that controls boot time critical devices. This includes child devices.
ExampleYou put a "prevent" rule into effect for storage controllers by following the steps in the following article. (Refer to the "Prevent installation of drivers matching these device setup classes" section under "Group Policy Settings for Device Installation.")
GUID for Storage is used. The user tries to install a storage class driver. However, to finish the installation, a restart is required (because the new driver’s device is being used). Early in the restart, the operating system must process the rule. However, the operating system cannot do this, because it has to be fully started to process this rule. Because the boot-critical database cannot be used to access this new storage driver, the operating system generates diagnostic code 0x7B. This is by design.
You can find one such setting in the Group Policy Management Console under the hierarchy Local Computer Policy, Computer Configuration, Administrative Templates, System, Device Installation, Device Installation Restrictions. Be aware that there may be other locations for such policy settings. This is just one example.
Article ID: 2902003 - Last Review: Jul 8, 2014 - Revision: 1