Interesting Security Focus review on a program that allow you to limit the priviledge of individual executables and their spawn.

Drop My Rights

Drop My Rights is an executable that accepts a path to your favorite program as a command-line argument. Consider for a moment that an administrator would want to run IE or Firefox in a more safe security context. The administrator would, in the case of IE, run the following command:

c:\path\to\dropmyrights.exe "C:\Program Files\Internet Explorer\iexplore.exe" C

This tells Internet Explorer to run at a reduced privilege level C, or "constrained user." This makes it so that if there is any sort of hole/vulnerability in IE or Firefox, the damage that can be done by an exploit is severely limited. The levels in this simple application are as follows:

* N for Normal User
* C for constrained user
* U for untrusted user - however, most Internet applications will fail

The important question is "does it work?" This can be answered with a few simple experiments. The idea is to test whether a system using this utility will be more protected than a system without this utility when browsing malicious websites.
Summary

It would be better for the Internet as a whole if users did not use their Windows web browsers with administrator privileges. Malicious viruses, spyware and Trojans are frequently installed through vulnerabilities in Internet-facing applications - either by visiting websites or by social engineering such as users clicking on malicious attachments in their email. However, due to the inconvenient and clumsy way of installing applications that require administrator privileges, many users continue to run as administrator. The easy use of DropMyAdmin can reduce the impact of a browser-based vulnerability and machine compromise, but it is still just one aspect of Least Privilege that administrators can use.
http://www.securityfocus.com/infocus/1848
SecurityFocus::Mark Squire 2005-10-04