Make sure they are only regular users, give users/everyone no more than
read/list/execute permissions to the root/drive folder if possible, configure the
internet Web Content Zone to disable downloads via Internet Explorer if they should
not be doing any, and populate the disallowed Windows Application list in Group
Policy with at least setup.exe and install.exe [and any other popular unathorized
programs] which while not foolproof is easy to do and should help. See the link below
for how to do that. For more extreme control you will need to upgrade to XP Pro and
use Software Restriction Policies. --- Steve
