Malicious code such as viruses and worms have become an increasing problem. Windows XP introduced a mechanism called Software Restriction Policies that enables administrators to control what images and scripts execute on their systems. The Software Restriction Policies node of the Security Policy Editor, shown in Figure 8-11, serves as the management interface for a machine's code execution policies, although per-user policies are also possible using domain group policies.
Figure 8-11. Software Restriction Policy configuration
Several global policy settings appear beneath the Software Restriction Policies node.
The Enforcement ...