After learning of SuRun and talking with Easter, I have become more interested as of late in LUA for XP. Having SuRun is a great way to overcome some of the downsides to being in a LUA environment while still doing things that really require Admin rights quite frequently (ie. playing with code etc). Having messed with SRP also lately, I see that it can be very effective, but also has some downsides for an Admin using it and/or LUA. The guide for LUA/SRP here is quite effective at locking things down, maybe too effective. So, in looking for a way to increase the usability for common users and LUA that allows a little bit more freedom I created a method. Simply put, you use a few .ini files to set your preferences, a small script (autoit compiled) to generate a new security template .inf file, and then a batch file to integrate everything. I use the Security Setup template, so reversing the procedure in LUA is as simple as importing that template back into place and you are back to defaults. Of course, setting your user account to Admin gets you full rights to everything too. Now that I can grant access to most of Program Files to the LUA, there is less frustration to install a new browser for instance. At the same time, I can restrict say iexplore.exe from running in LUA. As for SRP, I choose now to selectively use it rather than make denying the default rule. The files can be had here http://www.filesend.net/download.php?f=85072f5bd344edce38568e25ccdb4f3f I have included a ReadMe that explains in simple terms as well as a more technical detail of what will happen. Some default values exist already. It should work with no changes in a vm box. Be sure to look at the .ini files when testing to make sure everthing that is granted or restricted is actually working. And don't forget to logoff/reboot for things to take effect. The usual applies I guess since there is an .exe involved. Someone will probably run it in vm (I don't know if SB will work or not) and then comment. Comments welcome, actually hoped for. Sul.