SRP Partial Replacement for Windows Vista Home

Discussion in 'other security issues & news' started by bktII, Apr 20, 2008.

Thread Status:
Not open for further replies.
  1. bktII, Registered Member

    Many disappointed Windows Vista Home and Windows Vista Home Premium users (like me) have discovered that MS Software Restriction Policy (via gpedit.msc) is not available to further restrict Standard user accounts. A good article on SRP:

    http://www.mechbgon.com/srp/
    "Ruin a malware author's whole day with a Software Restriction Policy!"
    "... you can't use Software Restriction Policy if you have Windows XP Home, Windows Vista Home Basic, or Windows Vista Home Premium ..."

    All I really want is default-deny with regard to standard executable files (please read *.exe). Since upgrading Windows Vista Home Premium to SP1, I have installed or attempted to install HIPS programs including SSM, ProSecurity, DSA, etc., but these are still works in progress for Vista SP1. Thus, no luck yet.

    I have found that default-deny for *.exe files is indeed available for Windows Vista Home Premium Standard user accounts. It exists within "Parental Controls -> User Controls" under "Allow and block specific programs". Under "Which programs can <username> use?", select the "<username> can only use the programs I allow" radio button. Then select the programs you wish to use in the selected Standard user account. (It should be noted that system executables are 'white-listed' by default, although they do not appear in the listing, as are programs like Notepad.exe.) Then log out and log in to your Standard user account, download some executable files (I tried Tcpview.exe, ZoomIt.exe and Notepad2.exe) and try to run them. It works! There is also an icon in the Windows Taskbar letting you know that the controls are active. A link for more detail:

    http://www.bleepingcomputer.com/tutorials/tutorial139.html

    Not as extensive as SRP, but good incremental protection for Vista Home Standard user accounts.