How to remove an add-in from the "Always Load" whitelist

Anonymous · ‎06-08-2016

Hi,

We are developing an add-in and want to test that our code signing is working. I once clicked "Always Load" in the Revit 2017 start-up prompt. I now want to undo that choice so I can confirm that the add-in loads without prompting the user when the code signing certificate is installed properly.

How do I remove an add-in from the "Always Load" whitelist, or reset the list completely, in Revit 2017? Registry or config setting, can you point me in the right direction?

Thanks,

David

Troy_Gates · ‎06-08-2016

I found that for non-signed (no certificate) addins that the "Always Load" is stored in the registry at:

HKEY_CURRENT_USER\SOFTWARE\Autodesk\Revit\Autodesk Revit 2017\CodeSigning\

If you rename that folder and open Revit 2017 it prompts you again for the addins you already approved to always load. The name of the registry keys are the same as the guid in the addin file for ClientId.

But I haven't found the same thing for signed/certified addins yet. I will be continuing to look, as I want to know where it is also.

Troy Gates
https://twitter.com/TroyGates

L.Maas · ‎06-09-2016

I expect that you will not find a location for signed/certified add-ins. Revit can check if a certificate is available when loading the add-in. If the certificate is there than it can continue loading otherwise it wil default back to the unsigned situation asking what to do with the add-in.

The only situation where you need to store information is when the alwyas load is selected, as this has to be kept in between Revit sessions.

Louis

Please mention Revit version, especially when uploading Revit files.

Anonymous · ‎06-11-2016

I beleive that the "White List" is not a list of apps but is actually the list of "Trusted Publishers" in your Certificate Store.

When you click "Always Load," Revit installs the publisher's certificate in the (probably user's) Certificate Store. To reset the Code Signing dialog, remove your certificate from the Store.

If the certificate was installed to the user's store, you will probably be able to do this from Internet Explorer > Tools > Internet Options > Content > Cetificates > Trusted Publishers. Select your certificate and click "Remove."

If the certificate was installed to the Local Machine (as admin), I do it this way, from a command prompt as admin:

Display Certificates (local machine):
C:>certutil -store TrustedPublisher

This will display a serial number. Find it and add it in:

Remove Certificate (local machine):
C:>certutil.exe -delstore TrustedPublisher serial_number

stever66 · ‎06-13-2016

Are you loading the addin with a *.addin manifest file?

The easy, hack way is to change the <AddInId> number in the add-in manifest file.

Revit will recognize it as a new add-in, and ask again.

Maybe not the ideal solution, but it works.

Anonymous · ‎06-24-2016

Just to clarify, while changing the <AddInId> may work for non-code-signed add-ins, it will do nothing for code-signed ones.

I've still not seen any confirmation of this from Autodesk, but this is my "Black Box" understanding, which I have tested pretty thoroughly:

When Revit first encounters a signed add-in, it presents these choices:

Load once = Run this app this time, but do not add this publisher to my list of Trusted Publishers.

Always load = Run this app and add this publisher to my list of Trusted Publishers.

Once the user selects "Always Load," the only way to reset is to remove the publisher from the list of Trusted Publishers.