I’m sure Windows has an executable bit like unix which prevents applications being run but it might be easier to use something like this application:
Under a new account, you should be able to limit their access to apps without it affecting your account. You could also store apps you didn’t want them to run inside a folder protected by your account but that might be difficult to set up if apps need to run from a certain place.
This site might also give some useful info:
Because you have XP Pro, you can also do what it says on this site:
but be careful with it:
“Warning: Prior to making changes with the group policy editor please use System Restore to create a known good Restore Point in case you encounter issues. TweakXP.com takes no responsibility for any problems that may occur from using the Group Policy Editor incorrectly.”
You might be best following this guide as it’s from Microsoft and seems pretty straightforward:
Some people prefer to use 3rd party software to set ACLs:
the reason being:
[XP built-in] ACL Editor does not necessarily show what’s there, but displays an interpretation of an ACL. SetACL, on the other hand, shows you exactly what is stored in an ACL - thus it is possible that both tools list different ACEs in one and the same ACL.
In your case, the XP one should be fine.