How do I restrict access to a drive or program in XP?

Tools->Folder Options->View -> Scroll to the bottom and take off simple file sharing.

Then, right click the drive, go to security and remove/add users as needed, changing their read/write permissions.

This can be done to any drive, including C:.

You can get applications that will restrict access to various parts of the computer (this is called "capabilities" management, usually). You can use the built-in Group Policy Editor in XP-Pro (not Home) by running (Windows-R) this command "gpedit.msc". The editor is easily figured out, but the various options themselves are sometimes cryptic. Just look up phrases on the Web for more help while editing. And take your time, and don't change something the implications of which you aren't certain you understand.

As to force things to run as Administrator -- nice one! You're thinking in the right direction about security (i.e. actually doing something about it ;-)

I don't have a recipe for your question, but I recommend at least starting by creating a user named 'User' or your own name or something, taking away its admin privileges, and then login in as Administrator to install new applications, drivers, etc, but then logging out and switching to 'User' to actually run apps, surf Web, etc. That way, if you accidentally allow a trojan to launch, it'll have difficulty installing ("hooking") itself in your system, which could prevent further infection/damage.

Tracy explained the "fine-grained security" thing well; follow that advice, and to add to it: remove "execute" permission on all files by default, then add it for specific users, or add permission for Administrator (of that PC) to execute (but nobody else). You can inherit permissions in child folders, and all kinds of good crap; a little light reading about the subject will do you no harm. ;-)

(Websearch for, say, "ntfs security tutorial" or similar).

At my school, they used the Novell system to do this.