This chapter explained the concept of high-risk files and programs and how to minimize the risk they pose. By default, Windows grants non-admin users Read & Execute permissions on most Windows system files. Administrators need to use NTFS permissions, Software Restriction Policies, Group Policy, patch management, and other techniques to prevent malicious misuse. As with any security advice, do not implement the recommendations in this chapter on production systems without adequate testing. Chapter 6 covers protecting high-risk registry entries.