Load and unload device drivers (Windows)

Module: Account Integrity

Supported Platforms: Windows 2000, Windows 2003, Windows 2008, Windows Vista, Windows XP

This check reports accounts with rights to load and unload device drivers for Plug and Play devices. Device drivers run as highly privileged programs. A user could abuse this user right to install malicious code that would have destructive access to resources. You can use the name list to exclude or include users or security groups that are not already excluded or included by the Users to check option.

The following table lists the error message for the check.

Table: Error message for Load and unload device drivers

Message String ID and Category

Platform and Message Numeric ID

Message Title and Description

Additional Information

String ID: ESM_LOAD_DRIVERS

Category: Policy Compliance

  • Windows 2000 (105941)

  • Windows 2003 (205941)

  • Windows 2008 (248941)

  • Windows Vista (228937)

  • Windows XP (200937)

Title: Load and unload device drivers

Description:The user or security group has the right to load and unload device drivers for Plug and Play devices. Device drivers run as highly privileged programs. An intruder could install malicious code with destructive access to resources. If the right is authorized, edit the check's name list. If the right is not authorized, use the Correct feature to revoke it.

Severity: yellow-1

Correctable: true

Snapshot Updatable: false

Template Updatable: false

Information Field Format: [%s]