How To block Zoom/Appdata Files Via GPO

Prevent users from accessing an application like Zoom, that runs within the users ‘appdata’ folder using a Group Policy Object (GPO)

Written by Fegeins Louis
Updated over a week ago

Creating The GPO

1. Login to your domain controller. You can locate your Domain Controller by logging into the CAS Portal and follow the steps below.

1a. Expand ‘Cloud Manager’, click on

2a. Click on VM instances

3a. Locate your ‘Primary Domain Controller. Check the box to the left of it.

4a. Click on ‘Connect’

2. Once you’re logged into the Domain Controller, open up Group Policy Management. To open Group Policy Management, open Server Manager. You can do so by clicking on the Start button at the bottom left of the window.

3. Click on Server Manager

If Server Manager isn’t there, click on the Magnifying Glass icon, and then type in Server Manager and it should show up in the search results.

4. When inside of Server Manager click on ‘ Tools’ at the top right, and then click on ‘Group Policy Management’.

5. During initial setup of your deployment, you are prompted to create an Internal Domain Name. You can find the Internal Domain Name that you’ve set by logging into and checking your Deployment Details on the dashboard.

Moving forward, IDN will refer to your deployment Internal Domain Name. In this specific example, the Internal Domain Name is iamnealrice.neal.

The full name of the deployment in this specific example is Mellowship Slinky.

The deployment code is MSS.

In Group Policy Management , expand Group Policy Management → Forest: IDN →

Domains → IDN → (Your deployment code)-(Full name of your deployment)

6. Right click on (Your deployment code)-(Full name of your deployment) and click on

‘Create a GPO in this domain, and Link it here…’

7. Create a name for the Group Policy Object that you’re going to create. They should also reflect what you are attempting to accomplish with the GPO. The name of the GPO created for this example is ‘MSS_Zoom_Deny_Appdata’

8. Right-click on the GPO and click ‘ Edit..’

9. Expand User Configuration → Policies → windows Settings → Security Settings →

Software Restriction Policies → Additional Rules

10. In the ‘Additional Rules’ window to the right, right-click on a blank space, and click on ‘ New Path Rule…’

11. Here, you’re going to create two separate paths rules. For the first path, put the below text:


Set the Security level to ‘Disallowed’

Click ‘Ok’ when you’re finished.

12. For the second path. Put the text below


Set the Security Level to ‘Disallowed’

Click ‘Ok’ when you’re finished.

13. The GPO has been created successfully. Now, the last step is to test if it's working.

Verify That The GPO Is Working

1. Go ahead and login as a user and try to install a program like Zoom, or Discord.

If you get the below error while trying to execute the file, the GPO has been applied successfully. If not, please go over the steps provided in this guide once

more and reach out to our Helpdesk by sending an email to

with information on the issue that you are experiencing

2. We are here to help however we can with regard to your deployment, but our primary scope of support is solely within the automation that our Software provides for your environment. If there is an issue with Dynamic uptime and it's not functioning as it should, that is our responsibility. If your Server Uptime schedule isn't powering servers on and off as you have set it, that falls under our scope of support. If your CAS users module is not working, that also falls under our scope of support.

When it comes to OS Level issues, such as an application not working in the way

you would like it to, or if a GPO you're getting an error while applying a GPO,

those issues fall outside our primary scope of support. However, feel free to send an email to explaining the issue that you are running into, and we will do our best to assist.

Thank you.

3. Fin.

Did this answer your question?