This means protect the hard disk at the file and directory level by controlling what files may be created, deleted, modified, or executed. For example, you could make the entire Windows directory tree READ-ONLY and prevent any changes (or additions) to the Windows system files. By not allowing any directory to have both write access and execute access effectively limits what programs may be executed. Since ultimately everything that changes on the computer is at the hard disk level this type of security provides the most protection. This method of security is similar to the way operating systems such as UNIX and NetWare provide security.
If the above options do not provide enough security for you, download Access manager for Windows.
Access manager provides much more security than standard ways in Windows.
More articles about Security