UAC, hiding folders, creating a secure and safe Win 7 environment

Hello there.

I've been a horrible home user of Windows for years --- my policy has consistently been to just be Administrator all day, every day, install random stuff, never uninstall anything, never question the origin of that questionable ".exe", etc...

So I formatted and am taking a new approach --- I will never log in as Administrator except to do administrative stuff like install software and upgrade drivers. I will use a Standard account for myself for everything else from playing games to organizing my music.

What I want to do, though, that I can't figure out, is basically lock my Standard user account down so it can't even possibly mistakenly do something administrative. I wish to be strict on myself, if for no other reason than to get me to stop working at 120 mph and THINK before I take an action that could potentially do more harm than good.

That being said, I basically figured out some basic functions of MMC and the idea of group policies. But I already found something that bothers me that I can't seem to fix:

As Administrator, I downloaded a program called CPU-Z to do some hardware stuff. I do not want this program to be visible to any Standard account in any way, period. Yet, when I log out, and log in as a Standard user, there it is, right in the Start Menu.

Using the group policy to specify programs that CAN'T be run, indeed I can "intercept" the attempt to run it from another account, but it shouldn't be visible from any other account, period.

Basically, I want my Standard accounts to see ABSOLUTELY NOTHING, except!!! for the programs and folders that I explicitly choose as Administrator. The other goal here is to create a completely clean and clutter free interface for myself and my average-user wife, so that when we log into our own accounts, we don't even have the chance to be confused, or accidentally click something, nothing should be visible, period, as a Standard user, unless I explicitly choose for it to be visible for that particular user.

I'm not interested in just "hiding" the folder/applications universally, or just removing them from the Start Menu universally, because I DO want everything to be visible from the Administrator account.

Click the start orb and then right click on "All Programs". You should see Open and Open All Users.
"Open All Users" is the start menu everybody See's.
C:\ProgramData\Microsoft\Windows\Start Menu
"Open" is the start menu for that logged in user. For example mine is
C:\Users\Kerry\AppData\Roaming\Microsoft\Windows\Start Menu.
I do believe what is in there only shows up in the start menu when I'm logged on. You could try putting that app in C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu.
Even if you do that though anybody could still run it by finding its folder in explorer and running the exe file.

Welcome to Seven Forums CptSupermrkt.
Many program have two install options, Install for all users, and, Only for me. Try using the latter when installing from your Admin account.
CPUz would be fine for all users, it can't change anything, it is just a monitor and hardware viewing utility.

Adjust Permissions?

As alphnumeric says, you can move the shortcuts to the Administrator's Start Menu.

You could set the "Hidden" attribute on the specific program folder (e.g. CPU-Z) to stop casual browsing.

Make a backup image before trying the options listed below.
You could also adjust the permissions (folder "Properties" window > "Security" tab) on the specific program folder (e.g. CPU-Z) so that "Administrator"/"Administrators" is the only User/Group with rights (i.e. you could remove "Authenticated Users" and "Users" from the list or restrict/remove their rights).

Do not remove "System" or "Trusted Installer" from that list.

If you are unfamiliar with adjusting permissions (this can be tricky) you could easily make a critical system-destroying error (hence the absolute necessity for a backup image).

If you have a viable backup image (two would be better) you can afford to experiment.

Every user can have their own start menu..
C:\Users\[USERNAME]\AppData\Roaming\Microsoft\Windows\Start Menu

Put the things you only want your administrator account to have in its start menu folder.
However, honestly if you are running under a standard user account you cannot mistakenly do something.