This means protect the hard disk at the file and directory level by controlling what files may be created, deleted, modified, or executed. For example, you could make the entire Windows directory tree READ-ONLY and prevent any changes (or additions) to the Windows system files. By not allowing any directory to have both write access and execute access effectively limits what programs may be executed. Since ultimately everything that changes on the computer is at the hard disk level this type of security provides the most protection. This method of security is similar to the way operating systems such as UNIX and NetWare provide security.