Any
> suggestions on how I can lock down a system without revoking admin
> priveledges?


There is no way to do this that I'm aware of.

You might consider applying the compatws.inf security template. It will
"loosen" Win 2k's security to where those applications may be able to run
while logged on as a regular user.

I would try it on one computer and test the results before running it on all
your computers.
See:
http://support.microsoft.com/default.aspx?scid=kb;en-us;269259&Product=win2000


hth
DDS W 2k MVP MCSE

"ntelscho" <ntelscho@discussions.microsoft.com> wrote in message
news:94FE6D84-E429-4BF4-8538-74D49B617FCB@microsoft.com...
> I'm looking for information on setting that can be made to prevent users
from
> having spyware installed on their machines using 2000. The main problem is
> that all the users need to have administrative access for some of their
> applications to work. Are there some settings that I can change in IE or
> elsewhere that would at least help prevent this for most users? Any
> suggestions on how I can lock down a system without revoking admin
> priveledges?