Does psexec work properly with XP Home's default settings? [No.] I just discovered the PsExec tool from Sysinternals. With the '-l' parameter it can run a program as limited user, when invoked by an administrator. I tried this on a Windows 2000 desktop, and it did in fact work - it prevented the invoked application from writing to anything in C:\Program Files, for instance. That it works on Windows 2000 indicates (I think) that it uses a mechanism other than SRP, since Win2k doesn't have the SRP functionality to drop user privileges. However... On Windows XP Home, one of the default registry settings grants ownership of installed software to the user who installed the software, instead of the Administrators group. This means that, if you use SRP (IIRC including DropMyRights) with a user who has installed software... The applications you restrict will still have full write access to directories where you installed stuff, and whatever is in those directories. Needless to say that's not good. But, as I mentioned, PsExec's privilege limitation works on Windows 2000, whereas DropMyRights does not; which (presumably) implies that PsExec uses a different mechanism. My question is: would PsExec's mechanism for limiting program privileges work properly on a Windows XP Home installation, on which much of the installed software may be owned by a user instead of Administrators? Or would it fail as badly as SRP? Edit: Well, it turns out the answer is "no." Wow. Edit again: to clarify, "no" as in "it doesn't work at all."