Thank you for looking this question. I would use Applocker in Win10 Pro 20H2.
Using Applocker, it prohibit to run downloaded files by User (as MSI Installer, *.exe).
1) I created a GPO by GPMC on Windows Server 2019.
GPO is include that Everyone cannot run any application in "C:\program files*"
2) GPO is linked to OU that it belong to the target windows 10 client pc.
3) it run "gpupdate /force" and restart windows 10 pc
4) I test that applocker prohibited application is run. but there is a no effect. any application is lunched
My question is that
Is Not Windows 10 Pro 20H2 support AppLocker?
How version of windows 10 is support AppLocker?