I am sorry if my search has been poor,but can someone point me to to a "how to" on setting up Software Restriction Policy?

thank you.

Ps: Windows XP pro SP3

Ok,Sj100,thanks.
yes,I am running as administrator now,having used "drop My Rights" for internet facing applications,and Sandboxie for Browsers.
Now,in no small measure due to your excellent tutorial on Sandboxie,I have been able dispense with Drop My Rights,and run internet facers in what I have named my "media box" in Sandboxie.

Consider using SRP to achieve the same effect of DMR on your browsers,email clients etc. When SBIE starts the browser, although it will be a basic user instead of admin (because of SRP or DMR), SBIE uses the directory c:\sandbox\... . Meaning, you will not notice the effects of having the browser run as user instead of admin, because there are by default no restrictions at all to the directory c:\sandbox\... .

Think of it as, if you start IE as Basic User with SRP or DMR, and if SBIE ever failed, the browser would revert back to its User rights, which then keep things tidy.

Now think of if you don't use SRP or DMR to drop the rights of IE. If SBIE fails, and you are relying soley on it, then your browser will revert to your account status, and if it is admin, the browser has root, which is not a good thing.

Yes, it relies on SBIE being exploited, but you won't notice the difference anyway.

Sul.

Yes Sully,it was that double redundancy I was looking for when when I thought SRP would be be a good idea.
(maybe triple(?) redundancy,as I also use Returnil Premium.).,
I want all of the zero overhead (RAM/CPU)security I can get.