A problem that has frustrated me for some time now is the insistence of Windows to automatically install device drivers at its leisure, independently of Windows Update. Often, these are just null drivers with some added bloatware from the manufacturer the don’t enhance the functionality of the device in any way. Recently, I was working with a MDT task sequence where I deploy an evergreen Nvidia GPU driver using a PowerShell script during the State Restore phase.
Before my task sequence step could run, Windows would download an outdated ~500MB Nvidia driver and install it, and when my own driver installation ran, I’d be left with unwanted artifacts from the previous driver, or worse, it would fail because the driver installation invoked by Windows hadn’t completed yet.
I couldn’t locate any substantive Microsoft documentation that described how to configure or disable this automatically triggered driver installation behaviour.
A web search revealed a number of registry values I could apparently use to control driver updates. Much of the information on these is outdated, or just straight up wrong. I found debate over the behaviour of the SearchOrderConfig setting between different Windows versions, while some sources insisted that the ExcludeWUDriversInQualityUpdate setting played a role. After testing, I found that no combination of these and related options in the registry changed the behaviour.
Windows still insisted on installing the GPU driver, unless I used PreventDeviceMetadataFromNetwork, which had the additional consequence of preventing Windows Update installing any drivers at all, even when a manual scan was triggered.
After a bit of further investigation, I noticed that the Windows service responsible for the automatic installation was DsmSvc, or Device Setup Manager. Microsoft describe the functionality of this service as “Enables the detection, download and installation of device-related software. If this service is disabled, devices may be configured with outdated software, and may not work correctly.”
I disabled this service temporarily and checked the behaviour, and my task sequence completed without the automatic GPU driver installation.
As such, it seems that there are two viable methods for preventing this behavior. Either setting the startup type of DsmSvc to 4 (Disabled), or setting the PreventDeviceMetadataFromNetwork DWORD to 1.
To avoid a kind of race condition where Windows installs the driver before a task sequence step can run to stop it, both of them need to be applied to the OS WIM in advance, or during the PE phase of deployment. I decided to go with the PreventDeviceMetadataFromNetwork option, and added an additonal task sequence step at the end of the State Restore phase that reverted the value, to ensure Windows Update was allowed to service the machine in the future.