Windows – No automatic driver installation after upgrade to Windows 10: The installation of this device is forbidden by system policy


Since my upgrade to Windows 10 Pro (from Windows 7 Pro), the following message appears (in the bottom right corner) when connecting new devices:

The installation of this device is forbidden by system policy. Please contact your system administrator.

Edit:
This happens with absolutely any device: USB stick, docking station, mouse, Windows phone, …

Thus automatic driver installation does not work. Manual installation works. I want automatic installation to work as this is annoying, especially if you connect the notebook to a docking station and have to install a gazillion drivers one by one…

The System is in a domain.

Edit: The AD is running on a Windows 2012 R2 Essentials machine. This server is the only Windows server in the domain (and in the whole local network).

My Account has local admin rights.

Edit: I am also the domain admin.

The group policies under

Computer Configuration -> Administrative Templates -> System -> Device Installation -> Device Installation Restrictions

are not configured anymore.
They used to be configured under Windows 7 as I had to prevent the update of a graphics card driver.

The settings under

System Properties -> Hardware -> Device Installation Settings

are also set to

"Yes, do this automatically"

The problem occurs without a virus scanner, too. After the upgrade Avira Antivir Pro had been removed from the system, but the problem still occurred.

gpresult /R shows no used group policies (sorry, German output):

RSOP-Daten für abc\foo auf bar: Protokollmodus
--------------------------------------------------------

Betriebssystemkonfiguration: Mitglied der Domäne/Arbeitsgruppe
Betriebssystemversion: 10.0.10586 Standortname: Nicht zutreffend
Roamingprofil:Nicht zutreffend Lokales Profil: C:\Users\foo Langsame
Verbindung? Nein


BENUTZEREINSTELLUNGEN
----------------------

Letzte Gruppenrichtlinienanwendung: 13.07.2016, um 13:12:59
Gruppenrichtlinieanwendung von: gnarl.abc.local Schwellenwert für
langsame Verbindung:500 kbps Domänenname: abc Domänentyp: WindowsNT 4

Angewendete Gruppenrichtlinienobjekte
--------------------------------------
Nicht zutreffend

Folgende herausgefilterte Gruppenrichtlinien werden nicht angewendet.
----------------------------------------------------------------------
Richtlinien der lokalen Gruppe Filterung: Nicht angewendet (Leer)

Der Benutzer ist Mitglied der folgenden Sicherheitsgruppen
----------------------------------------------------------
Jeder Administratoren
Leistungsprotokollbenutzer
Benutzer
INTERAKTIV
KONSOLENANMELDUNG
Authentifizierte Benutzer
Diese Organisation
LOKAL
Von der Authentifizierungsstelle bestätigte ID
Hohe Verbindlichkeitsstufe

Edit:

reg query HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows shows the following keys:

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Appx
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\BITS
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\DataCollection
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\DeliveryOptimization
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\EnhancedStorageDevices
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Network Connections
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\NetworkConnectivityStatusIndicator
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\NetworkProvider
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\SettingSync
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WcmSvc
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WorkplaceJoin
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WSDAPI

What could be the problem? What can I try?

Best Answer

There is a chance that registry keys of the policy still remain in the registry. Open regedit as an admin, and go to:

HKLM\Software\Policies\Microsoft\Windows\DeviceInstall

If you see the DeviceInstall folder, delete it (it's safe, because it's not there by default). Now restart your computer and see if the problem still persists.

Update:

Windows shows a default behavior in each case. In our example, it's driver installation. By default, Windows applies no restrictions to the installation of legitimate drivers, so configuring the group policy to NOT restrict driver installation makes no difference. But in this case, and I have no idea why on earth, Windows' default behavior has changed to restrict driver installation, which means that not configuring the group policy no longer means no restriction. So, there are 2 ways to fix this:

Group policy: Set Computer Configuration\Administrative Templates\System\Device Installation\Device Installation Restrictions\Prevent installation of devices not described by other policy settings to Disabled

Registry: This is the manual way, which does exactly the same as above but doesn't show up in group policy. However, changing the group policy later will change this value. Open regedit as admin and go to:

HKLM\Software\Policies\Microsoft\Windows\DeviceInstall\Restrictions

If you don't find DeviceInstall, create it, and also create Restrictions as its sub-folder (to correspond to the registry key above). Now, add this registry key here and restart:

Key Name: DenyUnspecified
Key Type: REG_DWORD
Key Value: 0
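
The registry check and fix from the answer above, as an added PowerShell example (not part of the original answer): it lists what is stored under the DeviceInstall\Restrictions policy key and changes DenyUnspecified only when asked. The -Fix switch, the Get-PolicyValue helper and the backup file name are assumptions made for illustration.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the original answer): audit the DeviceInstall policy
# key and, with the hypothetical -Fix switch, set DenyUnspecified to 0.
[CmdletBinding(SupportsShouldProcess)]
param([switch]$Fix)

$parent = 'HKLM:\Software\Policies\Microsoft\Windows\DeviceInstall'
$key    = Join-Path $parent 'Restrictions'

function Get-PolicyValue {
    # Return every value stored directly under a registry key, with its type.
    param([string]$Path)
    if (-not (Test-Path -LiteralPath $Path)) { return }
    $item = Get-Item -LiteralPath $Path
    foreach ($name in $item.GetValueNames()) {
        [pscustomobject]@{
            Name  = $name
            Kind  = $item.GetValueKind($name)
            Value = $item.GetValue($name)
        }
    }
}

$values = @(Get-PolicyValue -Path $key)
if ($values.Count -eq 0) {
    Write-Output "No policy values under $key (key absent or empty)."
} else {
    $values | Format-Table -AutoSize | Out-String | Write-Output
}

$deny = $values | Where-Object { $_.Name -eq 'DenyUnspecified' }
if ($deny -and $deny.Value -ne 0) {
    Write-Warning "DenyUnspecified = $($deny.Value): devices not described by other policy settings are blocked."
}

if ($Fix -and $PSCmdlet.ShouldProcess($key, 'Set DenyUnspecified (REG_DWORD) to 0')) {
    if (Test-Path -LiteralPath $parent) {
        # Export the existing key first so the change can be reverted.
        $backup = Join-Path $env:TEMP 'DeviceInstall-policy-backup.reg'   # assumed file name
        reg.exe export 'HKLM\Software\Policies\Microsoft\Windows\DeviceInstall' $backup /y | Out-Null
    }
    # New-Item -Force on an existing key would clear its values, so create only if missing.
    if (-not (Test-Path -LiteralPath $key)) { New-Item -Path $key -Force | Out-Null }
    New-ItemProperty -Path $key -Name 'DenyUnspecified' -PropertyType DWord -Value 0 -Force | Out-Null
    Get-PolicyValue -Path $key | Where-Object { $_.Name -eq 'DenyUnspecified' }
}
```

Run it without -Fix first to see what is currently set, and add -WhatIf to preview the write. With DenyUnspecified at 0, any device not covered by another restriction policy is allowed to install.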