In an attempt to try and make it more difficult for our users to install
non-aproved programs, I want to be able to limit the places that some of our
users can run executables from, namely the local C: drive and our netware
apps volume L:.

We have set administrative prohibition on writing to the C: drive, which
prevents installation on there, however we have a local D: drive that is
used to store user files, and therefore must be writable, because of this
our users would be able to install stuff there, or any other place that is
writable (floppy disk, usb key etc).

So is there any easy way of doing this ?