I have been trying for a while to block users from downloading software and installing it from the internet and from using removeable media onto their machine. I would like to deny this, but still allow us to push software packages through Group Policy. So, far most of this is working, however, I can't get Group Policy to work. I have attached the screen shots of the rules that I have attached to the "installation not detected" rule module. Has anyone been able to get this to work? I figure that I am doing something completely wrong. Just a quick rundown, my âGroup Policyâ rule allows the MS service (services.exe) to invoke the Software Install applications - Microsoft (msiexe.exe, etc..). âMy Block internet downloads and removeable media installation" rule denies any application from running "untrusted content" "download directory executables", "software install applications in download directories" and "temp directory executables". I don't have this rule applying to microsoft installs, SMS, Auto Update, and Mass software deployment applications. Thank you very much everyone for all of your help.