# W7, Winload.exe Can't verify digital Signature ...edit  fixed



## revin (Mar 1, 2015)

EDIT: Issue is  
"Windows Can't verify digital Signature Winload.exe "

So I've spent day's trying to get that copy of windows to work again, but alas the 0xc0000428 error of not verifying the digital sig.
I"m going NUTS !!!!!!
I had the BCD get messed up when moving HDD,thus the Boot order in BIOS was off, so went thru got that going and booted to a secondary copy of W7. Then went back to boot to my primry copy of W7, but got hit with the error.

I have done all the bcd edit's, bootrec,rebuild, ect, all the way to fixmbr with windows recovery enviroment.

The only thing I can't do is copy winload.exe from the install disc since it's inside .WIM folders.

I tried to use admin cmd to "copy" winload from another C:\Windows\winsxs\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17556_none_b923808583650cfb folder, but still not enough rights, {mabe since I'm on a differant drive}

I've done this  dozen times before, moving drives round, ie a fresh copy of W7 on new drive, and a bcdedit, or VistaPro, VisualBC, would fix me up.

Please try to see what I'm missing to do.................. duh, copy from correct dir helps !


----------



## blobster21 (Mar 1, 2015)

if you're almost sure this problem is a bootloader issue, you should reinstall it from scratch  rather than trying to fix it :

Boot from your windows 7 CD,  reach the main page of the recovery center and select “Command Prompt”

```
bootrec.exe /fixmbr
bootsect.exe /nt60 all /force

attrib -h -s C:\boot\BCD
del C:\boot\BCD

bcdedit /createstore c:\boot\bcd.temp
bcdedit.exe /store c:\boot\bcd.temp /create {bootmgr} /d "Windows Boot Manager"
bcdedit.exe /import c:\boot\bcd.temp
bcdedit.exe /set {bootmgr} device partition=C:
bcdedit.exe /timeout 10
attrib -h -s C:\boot\bcd.temp
del c:\boot\bcd.temp

bcdedit.exe /create /d "Microsoft Windows" /application osloader

bcdedit.exe /set {your_device_UID_goes_here} device partition=C:
bcdedit.exe /set {your_device_UID_goes_here} osdevice partition=C:
bcdedit.exe /set {your_device_UID_goes_here} path \Windows\system32\winload.exe
bcdedit.exe /set {your_device_UID_goes_here} systemroot \Windows
bcdedit.exe /displayorder {your_device_UID_goes_here}
```
Using this method i have been able to fix 100% boot issues after cloning or moving OSes from disk to disk.


----------



## revin (Mar 1, 2015)

Thanks blobster, i'll give that a try, I hadn't got than deep into it other than creating a new store.

Thing is, I'm pretty sure it's only a  "Can't verify digital Signature" winload.exe

The boot sequence is correct, finding the 2 or 3 OS's [depending on which order BIOS drives are set}

You did get me thinking, so i'm going to try to change "ownership" to admin, to "allow full control"
brb

Thank you


----------



## blobster21 (Mar 1, 2015)

i wanted to check the owner of the boot folder on those two windows 7 pcs, only to find out i have no such folder....lol

The closest thing to a boot folder is located on a third computer, it's running win 8.1, and the files & boot folder are owned by TrustedInstaller


----------



## revin (Mar 1, 2015)

I tried switching from TrustedInstaller to amin but nada,

Can't use F8 to select Disable driver singing, so would there be another way to {use BCDedit?} to disble driver sining?
I tried checking the box in Vistbootpro before, but I read somewhere this am that disbleing dont usally work.  I'm trying it again

I'll  try to use admin cmd again to copy that other location over. 

Dangit, this will be the 3rd go around to reinstall if I have to get tht desperate, and the Tax program already got pissy bout loading it the second time


----------



## blobster21 (Mar 1, 2015)

If F8 is not an option, then local GPO could work too :

1. Start -> In the search bar -> GPEdit.msc
2. Enable and Ignore Code signing for drivers policy under User Configuration ->
  Administrative Templates -> System -> Driver Installation -> Code signing for drivers.

Please refer this thread link for more information:
http://social.technet.microsoft.com.../thread/5e048b0f-83b2-4281-b5e9-533ef3de564d/

there's also this Driver Signature Enforcement Overrider (v1.3b) used "to easily bypass the Driver Signature Enforcement in both 32-bit and 64-bit version of Microsoft Windows" :

http://www.softpedia.com/get/Tweak/Video-Tweak/Driver-Signature-Enforcement-Overrider.shtml

Beware though : Playing with files permissions & ownership is one thing, but those methods create a security breach and as such, i don't like them !


----------



## OneMoar (Mar 1, 2015)

blobster21 said:


> If F8 is not an option, then local GPO could work too :
> 
> 1. Start -> In the search bar -> GPEdit.msc
> 2. Enable and Ignore Code signing for drivers policy under User Configuration ->
> ...


you didn't read the thread the system won't boot because he trashed the BCD


----------



## revin (Mar 1, 2015)

No the BCD is working, it's the "Windows Can't verify digital Signature Winload.exe "


----------



## revin (Mar 3, 2015)

@blobster21 The GPEdit will only acsess the working drive which it is booted to.

But atleast I didn't have to resort to any messing with file sigs to get it !


----------

