I've been running my XP system under a LUA with SRP for a while now, feeling nice and confident that nothing could run that hadn't been installed with my admin account. Well it seems that was a false sense of security. You can completely bypass SRP with no password or anything. If you have an executable that can't execute where it is because of SRP, simply using "runas /trustlevel:"Unrestricted"" will allow it to run. For example: Code: C:\Documents and Settings\crisp>c:\program.exe The system cannot execute the specified program. C:\Documents and Settings\crisp>runas /trustlevel:"Unrestricted" c:\program.exe and up the program will come. You still have the protection of your LUA though so I guess thats something. I even tried disabling the Secondary Login service, but just changing your trust level doesn't require that service and so it continues to work. So do I need a fully fledged HIPS to achieve what I thought I had with SRP? I guess specifically blacklisting the runas program might work too.