Hello.
I manage a large-ish Active Directory network. We have developed a file system driver for internal use only. Machines on the internal domain and network perimeter would be required to load this driver at boot. We run Active Directory Certificate Services, and all machines have the Root CA cert in the machine store, as well as a Code Signing certificate in the machine's Trusted Publishers store. I can get the machines to load the driver via test signing; however, this is not a good solution for us in the long term.
Is it possible to have full driver signing support using AD and Certificate Services? This would seem like a common request; however, I have found zero information on this topic from various technical sources. Utilizing outside certificates is just not possible in our environment: all executing code is highly trusted, and enabling an outside party to have any kind of control would be unacceptable.
Thank you for your time.