I'm trying to futher secure a computer running WinXP. It already has antivirus and is setup to use limited user accounts, so users should not (easily) be able to tamper with system files. But I would like to protect some users against themselves, that is running .exe, ActiveX and other stuff downloaded from the internet. Basically we are talking about completely computer-illiterate users that shouldn't be able to run og install anything on their own Problem is I want a simple solution, and software like Faronics Anti-Executable seems a bit overkill for my setup. All I really need is some kind of white/blacklisting of execution from folders, so that people can run all apps in say: C:\Windows and C:\Program Files, but not in other dirs (like their own home directories). I really don't need to scan all files on my system with hashes etc. I rather prefer the directory-approach combined with sane NTFS permissions. So is there a lightweight solution for my needs?