Creating The GPO
1. Login to your domain controller. You can locate your Domain Controller by logging into the CAS Portal and follow the steps below.
1a. Expand ‘Cloud Manager’, click on
2a. Click on VM instances
3a. Locate your ‘Primary Domain Controller. Check the box to the left of it.
4a. Click on ‘Connect’
2. Once you’re logged into the Domain Controller, open up Group Policy Management. To open Group Policy Management, open Server Manager. You can do so by clicking on the Start button at the bottom left of the window.
3. Click on Server Manager
If Server Manager isn’t there, click on the Magnifying Glass icon, and then type in Server Manager and it should show up in the search results.
4. When inside of Server Manager click on ‘ Tools’ at the top right, and then click on ‘Group Policy Management’.
5. During initial setup of your deployment, you are prompted to create an Internal Domain Name. You can find the Internal Domain Name that you’ve set by logging into
cas.itopia.com and checking your Deployment Details on the dashboard.
Moving forward, IDN will refer to your deployment Internal Domain Name. In this specific example, the Internal Domain Name is iamnealrice.neal.
The full name of the deployment in this specific example is Mellowship Slinky.
The deployment code is MSS.
In Group Policy Management , expand Group Policy Management → Forest: IDN →
Domains → IDN → (Your deployment code)-(Full name of your deployment)
6. Right click on (Your deployment code)-(Full name of your deployment) and click on
‘Create a GPO in this domain, and Link it here…’
7. Create a name for the Group Policy Object that you’re going to create. They should also reflect what you are attempting to accomplish with the GPO. The name of the GPO created for this example is ‘MSS_Zoom_Deny_Appdata’
8. Right-click on the GPO and click ‘ Edit..’
9. Expand User Configuration → Policies → windows Settings → Security Settings →
Software Restriction Policies → Additional Rules
10. In the ‘Additional Rules’ window to the right, right-click on a blank space, and click on ‘ New Path Rule…’
11. Here, you’re going to create two separate paths rules. For the first path, put the below text:
%appdata%\*\*\*.exe
Set the Security level to ‘Disallowed’
Click ‘Ok’ when you’re finished.
12. For the second path. Put the text below
%Appdata%\*\*\*\*.exe
Set the Security Level to ‘Disallowed’
Click ‘Ok’ when you’re finished.
13. The GPO has been created successfully. Now, the last step is to test if it's working.
Verify That The GPO Is Working
1. Go ahead and login as a user and try to install a program like Zoom, or Discord.
If you get the below error while trying to execute the file, the GPO has been applied successfully. If not, please go over the steps provided in this guide once
more and reach out to our Helpdesk by sending an email to support@itopia.us
with information on the issue that you are experiencing
2. We are here to help however we can with regard to your deployment, but our primary scope of support is solely within the automation that our Software provides for your environment. If there is an issue with Dynamic uptime and it's not functioning as it should, that is our responsibility. If your Server Uptime schedule isn't powering servers on and off as you have set it, that falls under our scope of support. If your CAS users module is not working, that also falls under our scope of support.
When it comes to OS Level issues, such as an application not working in the way
you would like it to, or if a GPO you're getting an error while applying a GPO,
those issues fall outside our primary scope of support. However, feel free to send an email to support@itopia.us explaining the issue that you are running into, and we will do our best to assist.
Thank you.
3. Fin.