1. Prepare a list of all credible folders and sub-folders for worker needs under C:\
2. Create new group policy object: ‘Install only from specific paths’ -> Edit
3. Go to User Configuration -> Policies -> Windows Settings -> Security Settings -> Add ‘New Software Restriction Policies’:
4. Follow the settings below:
5. Examples for Paths:
Example 1 (Environment variable):
Example 2 (Folder Location):
Example 3 (Network Location):
6. Examples for complete basic list:
7. Save the GPO and link it to the relevant users OU.
8. Connect to domain computer with a user in that OU and run gpupdate /force
9. Deny Path Test: Try to download setup file (ex. npp.7.5.9.Installer.exe) and run it from Downloads folder. ensure you get a blocking message:
10. Allow Path Test: Now, Copy this .exe file to credible location like: C:\Platform1 and try to run, ensure you are able to to get admin request and then continue to installation window:
11. If everything worked correctly. You’re done.
In any case you will need to add new path, you just edit GPO to add another path, then run “gpupdate /force” in users computers and it works immediately (no restart needed).