Geoff Chappell, Software Analyst
The work of the Kernel Shim Engine (KSE) is largely in two parts: devices and drivers. This shows most clearly in two more or less independent sets of functions that are exported in version 6.2 and higher. On the one hand are:
and on the other:
Those that are highlighted yellow are undocumented. Yes, they’re all undocumented.
The two parts to the work of the Kernel Shim Engine (KSE) can be disabled separately, each in two ways. First, each part has its own registry value for disabling by policy:
To be meaningful, the value must have exactly four bytes of data of the required type. If this data is 1, then the (corresponding) device or driver functionality is disabled. Both settings have user-interface support in the Group Policy Object Editor as “Device compatibility settings” and “Driver compatibility settings”, respectively, in the “Device and Driver Compatibility” administrative template. The descriptions given there are:
Second, either or both can be disabled through a shared registry value:
For this value too, the data must be exactly four bytes of the required type. Two bits are meaningful: a set 0x01 bit disables the engine’s driver functionality, and a set 0x02 bit disables the device functionality.
These registry values are acted on only as the kernel initialises. Disabling both the device and driver functionality disables the engine such that all the exported KSE functions will fail immediately if called. (Note, though, that there is no consistency to the returned error code, which is variously STATUS_UNSUCCESSFUL or STATUS_NOT_FOUND.)