In each release of Microsoft Windows for the
workstation or server, Microsoft has made great attempts to increase the
reliability of the system by extending the number of included hardware
drivers. This holds true today for Windows Server 2008 R2 and Windows 7,
which to date have the most complete set of hardware and device
drivers. Of course, Windows Server 2008 R2 is only available in 64 bit,
which does limit hardware compatibility to a certain degree. Microsoft
works hand in hand with software and hardware manufacturers to provide
the means for these manufacturers to create the best drivers for Windows
that will provide the highest level of reliability for the client and
server operating systems.
System File Stability
Windows Server 2008 R2 and
Windows 7 allow an administrator to control the level of security
associated with hardware drivers. Because Microsoft works closely with
independent hardware vendors (IHVs), Windows Server 2008 R2 and Windows 7
support extensive brands of hardware and client/server peripherals.
When an IHV tests its hardware and passes certain Microsoft
requirements, its hardware driver is certified, digitally signed by
Microsoft, and, in most cases, added to the Hardware Compatibility List
(HCL) for the particular platform or operating system. If the driver is
certified early enough in the operating system development process, the
driver is included with the operating system.
Most new hardware will be
detected by Windows and will prompt to search the local file system or
Windows Update to find the driver. If the hardware was tested and
verified by Microsoft before the production release of Windows, it
should be found and added automatically. If the hardware was certified
after the release of Windows, it might be included in
Windows Update or the administrator might be required to locate,
download, and install the driver right from the manufacturer’s website.
In most cases,
administrators should only install drivers provided by Microsoft and
digitally signed by Microsoft Windows Hardware Compatibility Publisher.
In other cases, however, especially when it comes to connecting to
external disk storage, it might be preferential and required to use the
driver provided by the manufacturer. Unsigned drivers are not accepted
by default on Windows Vista, Windows 7, Windows Server 2008, and Windows
Server 2008 R2. These drivers are not fully tested and can cause
issues. Make sure to check with the hardware manufacturer for
compatibility before purchasing any new or used hardware that will be
attached to a new Windows Server 2008 R2 system. In particular, disk
controllers and disk access are critical to server stability and
administrators should always try to configure their disk controller
firmware version and driver version to match the recommended
manufacturer and Microsoft specification; otherwise, data corruption or
loss might result.
File Signature Verification (Sigverif.exe)
File Signature Verification is a
graphic-based utility that can be used when it is suspected that
original, protected, and digitally signed system files or drivers have
been replaced or overwritten after an application or device
installation. This tool checks the system files and drivers to verify
that all the files have a Microsoft digital signature. When unsigned or
incorrect version files are found, the information, including filename,
location, file date, and version number, is saved in a log file and
displayed on the screen.
To run this tool, click Start, Run, and in the search pane, type Sigverif.exe,
and press Enter. When the window is open, click Start to run a check
for signed drivers and system files in the operating system. This starts
a scan of the devices drivers and if they all pass, a window will open
stating that the files have been scanned and verified and digitally
signed. Click OK to close the pop-up and click Close to close the File
Signature Verification window.
System File Checker (Sfc.exe)
The System File Checker is a
command-line tool that is similar in function to the File Signature
Verification tool, but any detected incorrect files are automatically
replaced with the Microsoft version of the detected file. This tool can
be dangerous and cause serious problems if the administrator is not sure
if certain Windows files or unsigned drivers are required for the
operating system to function properly. This tool should be used if
operating systems become unstable and drivers or system files are
suspected or logged as possible causes of problems.
Note
Sfc.exe scans and
replaces any system files that it detects are incorrect. If any unsigned
drivers are necessary for operation, do not run this utility;
otherwise, the files might be replaced and cause your hardware to
operate incorrectly, producing data corruption, loss of functionality,
or actually producing different problems.
Sfc.exe can be configured to run using Group Policy. Sfc.exe options are configurable using Group Policy with settings found in Computer Configuration\Policies\Administrative Templates\System\Windows File Protection.
This might be a good option for supporting workstations to maintain
system stability. It might also prove to be useful for servers, but as a
general guideline, use is on workstations and servers only when system
file corruption or driver issues have been reported as problematic.