There are things that you can do that can be helpful but may stop all installations
100 percent - you would need XP Pro for that. First make sure that users are only
regular users. If they are administrators or power users on their machines it will be
near impossible. Regular users may still be able to install some software, though the
next recommendations may help inhibit that. If appropriate give everyone and users no
more than read/list/execute permissions to the root/drive folder. That would leave
them with the ability to only create folders/files in their profile in default
installation. Use Local Security Policy/administrative templates/system and disable
the command prompt and registry editing. Then populate the disallowed Windows
Applications list with at least install.exe, setup.exe, and command.com [feel free to
add other common junk applications]. In more severe lockdown situations you can use
the "run only allowed Windows Applications" setting. That setting will allow a user
to logon and do not much else unless you specifically add executables to the list
which may not be as easy as it sounds. Be sure to read the full explanation of all of
those settings as they have limitations such as users may be able to run applications
if they can rename them or get access to the command prompt. Also keep in mind that
Local Group Policy applies to all users equally including administrators so be sure
to test out your lockdown so as to not lock yourself out completely to the point you
can not disable policy to make necessary changes to the operating system when
eded. --- Steve
