I'm doing a workstation build for some basic office web browsing and file server. I wanted to lock it down where no new software, add-ons ect can be installed. I want to make sure it will stay virus free even if a user goes to unsecur site or tries to install software that could have potential threats.