You can change the permissions on this key to prevent them from doing so. (do the same for RunOnce, RunOnceEx and half a dozen other keys that do essentially the same thing.) Actually, they're executed during the logon process, but being in HKLM, they're executed for ALL users, so if a power user alters the key and an admin then logs on, whatever the power user added will run in the administrator's context. Anyone who has sufficient rights to install most software can install binaries that will subvert the system the next time an administrator logs on, since most software installers demand write access to the system folders and sensitive registry keys. You're probably better off installing software for them if you truly want to keep your system secure; that way you can verify that the software they want to install is safe. (Yes, it's a pain, but allowing inexperienced or untrusted users to install binaries to global folders is inherently insecure.) Quite a few. Depending on your setup, power users may be able to schedule tasks with the AT command, which subsequently run as SYSTEM. Among many others. (Even Users isn't totally secure in a default XP install, unless you tweak registry and filesystem permissions.) -- Phil