The issue of such security always starts with physical access. For instance if I am given physical access to the PC there is little you can do to stop me from booting my Windows 2000 CD and doing things with it's Recovery Console. Hint: there's something no one told you. OR better yet, a KNOPPIX CD. All too easy.
There is one area that stops even an administrator cold but there is a heavy price. EFS does work, and can keep the admin out of my files but the management of the CREDENTIALS is beyond most.
Yes, fron the sound of that it's pretty redundant, but read on.
Thanks to some help from AussiePete, I have created a dual-boot system with each partition running Windows XP Professional SP2. The first partition has several users (w/ one administrator), and is used for daily operations. The second partition/boot is used for installing 'questionable' (though legal) programs which could potentially corrupt the OS. I dedicated it for this purpose so that my primary setup remains accessable and undamaged, and my personal files remain private should the OS become infected/corrupted.
However, the secondary boot requires at least one administrator, which then has access privleges to all other accounts...including those on the 1st partition. Is there a way (through Windows or a 3rd party program) to restrict the access of the administartive account on the 2nd partition from accessing the 1st partition at all: its OS, programs, files, etc?
Thanks for your input,