Autodesk installation fails due to group Policy "Use Certificate Rules on Windows Executables for Software Restriction Policies" preventing unsigned executable files to run

Autodesk Support

Oct 8, 2023


Products and versions covered


Issue:

Autodesk installation, with expired digital signatures in it, fails due to group Policy "Use Certificate Rules on Windows Executables for Software Restriction Policies" preventing unsigned executable files to run.

Causes:

The issue may be stemming from the specific GPO which is very restrictive.
 

Solution:

Is Autodesk's timestamped code valid after a Code Signing Certificate expires?

In short, even if the certificate is expired, it was already signed and verified.

  • Thawte timestamp services allow you to timestamp your signed code.
  • Timestamping ensures that the code will not expire when the certificate expires because the system validates the timestamp.
  • If you use the timestamping service when signing the code, a hash of your code is sent to the timestamp server to record a timestamp for your code.
  • A user’s software can distinguish between code signed with an expired certificate that should not be trusted and code that was signed with a Certificate that was valid at the time the code was signed but which has subsequently expired. 
  • Once signed that is certified.


The issue may be stemming from the specific Group Policy (GPO) which is very restrictive.

The specific setting cares about the validity of the certificate, not its expiration.
See this extract from Microsoft Knowledge Base:
  • Enabling certificate rules results in software restriction policies checking a certificate revocation list (CRL) to make sure that the software's certificate and signature are valid. 
  • If disabling this GPO is not an option, you should add the specific certificate to the Trusted Publisher list to allow Inventor installation.
Note. This needs to be done by a system admin.

Products:

All Desktop Products;


Was this information helpful?


Need help? Ask the Autodesk Assistant!

The Assistant can help you find answers or contact an agent.


What level of support do you have?

Different subscription plans provide distinct categories of support. Find out the level of support for your plan.

View levels of support