I'm looking into using only LUA, Applocker and Sandboxie for security. I have a few questions: At the moment I just have the default settings for Applocker set up and I am using an Administrator account yet I can't run .exe files outside of Program Files (and presumably the Windows folder; haven't tried). With default settings, shouldn't an Administrator be able to run all files? Are the default settings in Applocker adequate enough, creating allow rules when necessary for programs I use and trust? I remember reading somewhere that you need to change Application Identity in services to Started and Automatic to use Applocker properly. Is this true? I haven't seen it mentioned anywhere else. Edit: Does UAC in an Administrator account offer similar protection that LUA offers?