With all due respect you didn't specify anything, you vaguely cited ACL's, temp folders, alternate credentials, sensitive areas of the system, services that do not actually require NT Authority\Local System or other unusual priveleges and GPO's. I do like the approach , but it would be interesting if you could provide some examples, lists of the services, etc. jaclaz Touche I did a rather involved writeup of the general concept a few years ago, I'll see if I can dig up a copy tonight. If I can't, I'll post it when I get back home tomorrow morning-ish. I listed out the various autorun locations, permission examples, and some general guidelines for this. Unfortunately, this approach can sometimes require tailoring to specific environments; the concepts remain the same though.