Got this link from a post on the Educause security mailing list.

http://dougzuck.com/decrease-malware-infections-using-software-restriction-policies

Apparently it’s a reghack that enables policy settings so that a user can login with local admin rights but still launch apps as a restricted user. I’m not sure what I think about this. This sounds like an intriguing idea, however I’m not sure how effective it would be at stopping malware in practice. It may slow down malware from the web a bit but I’m not sure about other attack vectors.