Here's what I used to get the INF file to import:
secedit /configure /db .\blah.sdb /cfg .\enabledriversigningpolicy.inf
I then delete the blah.sdb file. I'm not sure it's function, but it's needed to complete the syntax for secedit.
One thing i did do was to reverse engineer the INF file by doing an export
secedit /export /cfg exportedsettings.inf
Then i looked in the INF file and saw the setting that needed tweaking, as below.
(You can find the limited documentation for secedit at:
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/ServerHelp/b1007de8-a11a-4d88-9370-25e244560587.mspx)
FYI: There were some line breaks that got messed up in the above quoting/re-posting. Here is the line *between* quotes with no line breaks:
"
MACHINE\Software\Microsoft\Driver Signing\Policy=3,1"
NOTE the space in "Driver Signing"
NOTE: 3,1 is "warn".....3,0 is "ignore"...and 3,2 is "block"
My method was to do this via a cmdlines.txt using sysprep. The policy is set to ignore drivers during the PnP re-discovery using the following line in my sysprep.inf [Unattended] Section. This allows the Mini Setup to re-find the NIC and install the drivers. W/o the ignore, it would not install the NIC, and thus not be able to join a domain, etc.
[Unattended]
DriverSigningPolicy = Ignore
Then it reapplys the driver signing policy at the end of MiniSetup with the above command part of the cmdlines.txt. This sets the policy back to where i want it ("warn but allow"). Otherwise sysprep/mini-setup would've set the machine policy to "ignore" and left it like that.
Hope this helps...i spent alot of time trying to figure out secedit and it's somewhat cryptic syntax. If you want the INF, and/or any of the sysprep stuff, email me at doslager (@) yahoo (dot) com, and i'll be happy to help.
Dave O.
