Driver installation may fail if a required device results in Stop 0x7B

Summary

If the boot device list (the critical device database) changes when certain device-installation ("allow" or "prevent") restrictive Group Policy or operating system settings are active, the operating system may not start and may generate a diagnostic code.

More Information

Microsoft provides several features in Windows that control or limit the class or kind of device that can be installed. These features were added to Windows Vista and Windows Server 2008 and are present in all later operating system versions up to and including Windows 8.1 and Windows Server 2012 R2.

The features that control how devices are to be installed include the "allow" and "prevent" rules. If a "prevent" rule is enabled, the internal critical device database is bypassed for all devices and not just for devices to which the rules are directed. These rules have to be processed in the User-Mode component of Plug and Play. This means that the full installation of any new device driver is performed after the operating system is fully started. In other words, driver installation is incomplete until any such "allow" or "prevent" rules are processed. Therefore, a failure to start the operating system is possible and is in fact expected. For example, such a failure may occur with the installation of a driver that controls boot time critical devices. This includes child devices. 

Example 

You put a "prevent" rule into effect for storage controllers by following the steps in the following article. (Refer to the "Prevent installation of drivers matching these device setup classes" section under "Group Policy Settings for Device Installation.")

The Plug and Play device setup class GUID for Storage is used. The user tries to install a storage class driver.  However, to finish the installation, a restart is required (because the new driver’s device is being used). Early in the restart, the operating system must process the rule. However, the operating system cannot do this, because it has to be fully started to process this rule. Because the boot-critical database cannot be used to access this new storage driver, the operating system generates diagnostic code 0x7B. This is by design.

You can find one such setting in the Group Policy Management Console under the hierarchy Local Computer Policy, Computer Configuration, Administrative Templates, System, Device Installation, Device Installation Restrictions. Be aware that there may be other locations for such policy settings. This is just one example.
Properties

Article ID: 2902003 - Last Review: Jul 8, 2014 - Revision: 1

Windows Server 2008 Enterprise, Windows Server 2008 Datacenter, Windows Server 2008 Foundation, Windows Server 2008 Standard

Feedback