In Windows 2003/XP Pro you can use Software Restriction Policies to lock
down a computer with a default security level of disallowed and then define
what you wan the users to be able to run. Even in default disallowed users
can run applications in the program files folder and in the \windows folder
structure and you can lockdown from there. For Windows 2000 computers you
can use Group Policy and look at the settings under user
configuration/administrative templates/system for the run only allowed
Windows applications setting after reading the full description of the
setting. Note however that a user could bypass this if he can rename an
executable to be the same as what is on the allowed list. There may also be
third party applications that can do what you want but I cannot recommend
one offhand. The links below explain further. --- Steve
http://www.microsoft.com/technet/prodtechnol/winxppro/maintain/rstrplcy.mspx
--- XP Software Restriction Policies
http://www.microsoft.com/resources/...n/Windows/2000/server/reskit/en-us/gp/206.asp
http://support.microsoft.com/kb/q178723/