Dear all, The concept and implementation of SRP have been extensively discussed previously,for VISTA: https://www.wilderssecurity.com/showthread.php?t=232857 , and XP: https://www.wilderssecurity.com/showthread.php?t=200772 . Concerning Win7, no great change, but from time to time, I receive requests to make an implementation file for Win 7. You will have this file attached at the bottom of this message: a .txt file to convert in .reg file and to merge with the registry (double-click) when logged as admin. I decided to give only the standard set up as follow: - by default unrestricted locations - AuthenticodeEnabled, type: dword, value: 00000000 - Defines that certificate rules should not be applied - DefaultLevel, type: dword, value: 00000000 - Disallowed. - TransparentEnabled, type: dword, value: 00000002 - 2 indicates to include all files in evaluation, especially DLL. - PolicyScope, type: dword, value: 00000001 - 1 indicates to apply to all users except administrators. - ExecutableTypes, type: multi_sz, values: WSC VB URL SHS SCR REG PIF PCD OCX MST MSP MSI MSC MDE MDB ISP INS INF HTA HLP EXE CRT CPL COM CMD CHM BAT BAS ADP ADE Few remarks: - It is so easy to implement when one has the win7 PRO or ultimate version that one should use the local security policy under administration tools only by following the explanations from there: http://www.mechbgon.com/srp/index.html - If your are on premium (or Family, whatever the name), use PGS or my file to start. The advantage of PGS is that it is easy, safer, and you can easily add or remove rules, as you wish: https://www.wilderssecurity.com/showthread.php?t=244265 - if you decide to add an executable type, please expect to break some functionality or to be unable to open some files... If it is a problem come back to the previous state by removing the added values. Take care.