Migration and Deployment Series Part 17 – Windows 8 App Policy and Sideloading Apps – Step by Step

With Windows 8 comes the new modern UI which greatly enhances our abilities to provide a more immersive experience to the end user when it comes to Apps.  In this article I will outline the steps for enabling administrators to push internal apps to client workstations via the process known as “sideloading.”

At high a level we will accomplish the following tasks:

Create a Group Policy for Sideloading Apps

Verify the Digital Signature of the App

Sideloading an App Per User

Creating a Group Policy for Sideloading Apps

First we must login to the domain controller and open Server Manager.  Open the Tools menu and select Group Policy Management:

Next we need to choose the proper Domain in the Forest, then right click the Domain and select “Create a GPO in this domain, and Link it here…”:

Give the policy a name such as “App Sideloading Policy”:

Now that the policy has been created, we need to right click “App Sideloading Policy” and select Edit:

Navigate to the App Sideloading Policy found under “Computer ConfigurationPoliciesAdministrative TemplatesWindows Components.”  Right click “Allow all trusted apps to install” and click Edit.

Select Enabled and then click OK:

Close the Group Policy Management Editor.   Login to a client machine where we wish to test the policy, from the Start screen type in “gpupdate” and then press Enter.


This section is now complete.


Verify the Digital Signature of the App

In order for sideloading apps to be successful they must be acknowledged via a trusted certificate.  Most enterprise server infrastructures have a certificate signed via a trusted root certificate authority, in the case below we will use a self-signed certifcate for the app we will be deploying later. Still logged into the client machine, open File Explorer by using the shortcut keys Windows + E.  In the address bar type in “\dcSource$SampleApps” (replacing the directory name where applicable to match your environment) and press Enter.  Go into the folder with the name of the application, right click the APPX file and click Properties:

Now on the Digital Signatures tab, click the digital signature, and then click on Details.  Notice that the digital signature is OK.

Now we can see that the certificate is recognized as valid, the group policy has already been created, so we are ready to Sideload the App.


Sideloading an App Per User

In this scenario we will sideload the app on a per user basis, which is helpful for testing Apps as well as small deployments where manual installation is preferred.  During the creation of each App, Visual Studio gives us a Package file for installing the App on client machines.  Open up a Powershell session by going to the Start screen, type in “powershell” and hit CTRL+SHIFT+ENTER (Opens Powershell with Admin privileges).  Now head over to the directory that you have the App located in.  In this case:

cd “Sample App_1.0.0.0_AnyCPU_Test”

Add-AppxPackage ‘./Sample App_1.0.0.0_AnyCPU.appx’


Now back at the Start screen, we see our new App installed: