How to prevent automatic installation of hardware in Windows 2000

This article was previously published under Q241367
This article has been archived. It is offered "as is" and will no longer be updated.
This article describes how to require users to have administrator privileges in Windows 2000 to add new hardware.
To increase security in Windows 2000, you may want to limit the number of users who can install hardware.

For devices to automatically install in the System context, the following criteria must be met:
  • The driver installation must not require a user interface.
  • All driver files must be present on the computer.
  • The driver package must be digitally signed.
  • No errors are returned from the first pass of installation.

Although you cannot circumvent this process by using a setting or a registry entry, you can cause one or more of the criteria in the list to be invalid to force the device installation into the User context. The easiest way to do this is to delete the file located in the %WINNTROOT%\Driver Cache\I386 folder. When you delete this cabinet file, you force the device installation out of the system context and into the user context. If the user is not a member of the local administrators group, they no longer have permissions to install hardware.

For more information, click the following article number to view the article in the Microsoft Knowledge Base:
219435 Non administrator permissions to load and unload device drivers

Article ID: 241367 - Last Review: 10/22/2013 00:30:54 - Revision: 3.4

Microsoft Windows 2000 Server, Microsoft Windows 2000 Advanced Server, Microsoft Windows 2000 Professional Edition, Microsoft Windows 2000 Datacenter Server

  • kbnosurvey kbarchive kbhardware kbhowto KB241367