Sideloading Windows Store Apps – Install and Configure the Key

In a previous post, I described the process of obtaining a Microsoft key to use for Windows Store apps that are sideloaded (not obtained or installed via the store).  We have taken this approach most recently with the “Magic Wall” software that we built for CNN. Now that you have the key, let’s configure a machine with that key to install and run the sideloaded application.

I was surprised to see that there is nothing to do to the application itself to enable it for sideloading.  You don’t embed your key in the app – it’s completely stand-alone.  This kind of makes sense and has a huge benefit of allowing you to use the same sideloading key for any application, even if it wasn’t originally intended to be sideloaded.  You DO still have to sign your application with a code-signing certificate.  Let’s take care of that first. 

Sign the App With Code Signing Certificate

In your WinRT application project manifest, Packaging tab, use the button to “Choose Certificate…”.  Point to your code signing cert, provide your password, and you’re good.

Sign the application

Sign the application

Now build your app, and create the app package.  You only need two files from the directory of files created by the app package tool: 

  • the .appx (application and resources bundled for installation)
  • the .appxsym (debug symbols, useful for digging through crash dumps, etc)

The appx is still not signed, it’s just built with the certificate.  Now let’s sign it.  Open a command prompt with administrative privileges, and run the following command, providing the path to the certificate and the certificate password.

SignTool sign /fd SHA256 /a /f {PathToCertificate} /p {Password} {PathToAppx}

Install Sideloading Key

Next you have to configure the machine where you want to sideload the application.  You only have to do this once for each machine, and then you can sideload any applications on it.  Again, the key is not tied to the application.  You can easily find this info online, but here it is again for reference.

From an administrative command prompt:

The command below installs the sideloading key on the machine.  Use the key that you got from the Volume License Center key manager.  You should see a success message when it completes.

slmgr /ipk {your sideloading key without curly braces}

Then run the next command, which “activates” the sideloading key.  You must be connected to the internet to run this command, as it will connect with the Microsoft licensing servers to verify the key.  Unlike the GUID above, the GUID used below is not specific to your sideloading key.  Everyone should use this same GUID. You should see a success message when it completes.

slmgr /ato ec67814b-30e6-4a50-bf7b-d55daf729d1e

Allow Trusted Applications to Install

Next, a simple registry entry allows the OS to install trusted applications (those that are signed).   Add the following key and value to the registry.  You should add the “Appx” key if it doesn’t already exist.

HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Appx\AllowAllTrustedApps = 1 (DWORD)

Install the Application

Finally, you install the application using PowerShell. Copy the .appx and .appxsym to the target machine where you have enabled sideloading from above. From a PowerShell command prompt, use the following command.

Add-AppxPackage {PathToAppx}

Now you can find the installed application on the start screen list of all apps, or through search. Pin it to the start screen or run it from there.

That’s it.  Hope that works for you.

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>