I've been speaking with someone about how we set up friend's computers(and how we operate our own). I'm of the mind that if you restrict things too much, all you do is prompt someone to discard all of the measures and use what's convenient regardless of increased risks. When I set up someone's system, I make a limited user account, but I do two things. I change file permissions for the entire User class to allow write and modify access for all non-system partitions. And I add SuRun so logging on as admin isn't needed as much. I think these two things are pretty reasonable. Coupled with sandboxed browsers and Returnil I'd call this pretty secure, while not being overly restrictive for ordinary use. I also shut off Returnil's virus guard and grant the sandboxed browsers full directory write access to the non-system partition. If I wanted absolute security I wouldn't be running Windows. I'd be running OpenVMS. I wouldn't use Flash. Etc I think granting write access and using SuRun make the LUA a LOT more usable with very little security loss. I consider a standard XP LUA to be almost unusable. I know I would still be using an admin account for everything if Users couldn't create and modify files. That's just too big a deal for me. So where do you draw the line between security and usability?