As most are aware, gpedit is not available in Win7 Home Premium. I've tried a "hack" to install it, then set up an SRP, which others seem to have had success with, but I have not. It installs and runs but does not restrict executable from running. Similarly, I tried PGS, which is really for Vista, not WIn 7. It does a better job, but has problems. i.e. I can't run batch files, and even adding a path rule does not solve the problem. I also had services which did not run after setting it up, so it is out also. It seemed to me that I could go and restrict access to executables on most directories/disks, but I know little of windows 7 file permissions and they intentionally seem to make little sense. For example, why do you need a "read and execute" permission and also a "read" permission? Why not a "read" and separate "execute"? Also, if you click off the "read and execute", you lose "modify"?? I'm used to linux which makes sense to me. So my question really boils down to the following. Is there any way I can restrict execution to a few directories and executables without screwing up other permissions? I WANT to run as a standard user, not as an administrator, and still be able to modify files outside of restricted areas without being able to execute them. As far as I'm concerned, Microsoft really dropped the ball from a security perspective when they failed to include this kind of option in home premium and basic. Such a simple way to limit threats, and they expect home users to pay extra for it. But they give away MSE, which HAS to cost them a lot more to maintain.