File Signature Verification

Verify that your Windows 2000 files are digitally signed.

Ken Spencer

October 22, 2000

2 Min Read
ITPro Today logo in a gray background | ITPro Today

File Signature Verification (FSV) is part of Windows File Protection's (WFP's) file-checking process. The files that Microsoft includes with Windows 2000 carry digital signatures that let WFP and System File Checker (SFC) verify the files. The FSV tool can also search for signed or unsigned files on your server. This feature lets you use FSV to verify that all files on the system are digitally signed.

You can start FSV by executing Sigverif from a command prompt or the Run dialog box. Then, a dialog box lets you start the process immediately or click Advanced to set FSV advanced options. The Search page, one of FSV's Advanced property pages, lets you set the search for either Win2K system files (the default option) or other files. If you select the Look for other files that are not digitally signed option, you can specify the file types to search for and the folders to search. The Logging page, another Advanced property page, lets you set options that control the log file. You can save FSV's search results to a text file, and the scanner can overwrite or append the results to the log file. You can check the log for problems with any system files. You can even roll up the files from workstations and servers to a common share point for analysis.

To execute a scan, start Sigverif and click Start. Figure A shows the results of a scan on a server. Files that appear on the list don't have digital signatures. Most of the unsigned files are .log or .ini files, which don't have signatures because they aren't executable files. However, executable files that don't have signatures can cause problems in your system. After you've identified unsigned files, you can leave them, remove them, or replace them.

You can also set options in Win2K that control how the OS handles new drivers. This ability is important because not all drivers are part of the OS and thus part of WFP. For example, graphics application drivers might come from third-party vendors. The OS lets you choose to let the system install either signed drivers or signed and unsigned drivers. You can find this option in the Control Panel System applet. Open the applet, then click the Hardware tab and the Driver Signing button. If you set the Ignore option, you can install any driver. Setting the option to Warn (the default setting) lets you install any driver but warns you during the installation if the driver is unsigned. The Block option will block the installation of any unsigned driver files.

Sign up for the ITPro Today newsletter
Stay on top of the IT universe with commentary, news analysis, how-to's, and tips delivered to your inbox daily.

You May Also Like