Pebkac

Preventing Windows automatically installing drivers

A problem that has frustrated me for some time now is the insistence of Windows 10 to automatically install drivers at its leisure, often accompanied with a nag screen prompting me to enhance my device’s capabilities by downloading some other poorly made bloatware from the manufacturer’s website. Recently, I was working with a MDT task sequence where I was deploying the latest Nvidia GPU driver, using the Chocolatey package nvidia-display-driver.

Before my task sequence step had time to run, Windows would jump in and drag down 500MB of an outdated WHQL certified Nvidia driver and install it, and when my own driver installation ran, I’d be left with all of the unwanted artifacts from the previous driver, or worse, it would fail because the background driver installation hadn’t completed yet. I didn’t want to add the driver into MDT because I didn’t want to be updating the driver every time the wind changed, and I also knew from experience that a massive display driver adds quite a lot of time onto the dism step that applies the unattend file inside the task sequence.

I couldn’t locate any substantive Microsoft documentation that described how to configure the automatic driver installation behaviour.

A web search revealed a number of promising Group Policy settings I could use to control driver updates. Many of these were Windows 7 centric, as the machinery for driver updates in Windows Update has been around for quite some time. I found much debate over the behaviour of the SearchOrderConfig setting in the DriverSearching key, while some articles also suggested setting the ExcludeWUDriversInQualityUpdate setting. There was also quite a few guides for blacklisting individual devices from installation based upon their PCI device IDs, which seemed messy and time consuming to me.

Ultimately, after significant testing on my part, no combination of values in these policies changed the behaviour. Windows still dutifully streamed that GPU driver down, much to my chagrin.

I debated configuring a firewall rule that temporarily blocked the access of the Windows Update and BITS services from internet, but decided this approach was inelegant, and also wouldn’t solve the problem in the long term.

After a bit of investigation with procmon, I noticed that the Windows service responsible for the download was DsmSvc, or Device Setup Manager. Microsoft describe the functionality of this service as “Enables the detection, download and installation of device-related software. If this service is disabled, devices may be configured with outdated software, and may not work correctly.”

Intrigued, I quickly set about disabling this service to check the behaviour. My task sequence completed with no automatic GPU driver installation, and as a bonus there were no popups asking me to download the “enhanced” software for my mouse or webcam. These devices still worked fine because I had already added the driver files for them to MDT. Great success!

Searching online, I again could not find any good documentation specific to this service. I did read that in Windows Server, the service only exists when Desktop Experience is installed, not Server Core, which provided me with some reassurance.

Conscious of the fact that disabling Windows Services often has unintended consqeuences, I used the system as a daily driver for a few weeks, periodically checking the event logs for issues. At the time of writing, I’m yet to encounter any problems.

So, if you are also a control freak like I am, and would prefer to deploy your own handpicked drivers for your hardware, then go ahead and disable your DsmSvc, and you’ll be able to cross another item off the list of Windows 10 annoyances.

If anybody reading this can find any official documentation about this service, or the automatic updating behaviour, please post in the comments. If there’s a supported way to control this functionality without turning off the service, that’s definitely the way I want to go.

← Server 2016 as a desktop