Another thing that's good:

Use a limited user account unless you have to be logged in as an admin or root to do something. If at all possible, use the su or runas command to perform administrative tasks, rather than just logging on as root/admin.

Also, on Win2K/XP boxes, make sure only SYSTEM, Local Service, and the admin accounts have full access to WINNT\System32 and other sensitive parts of the system (like the registry). Any other accounts should have read only, with the obvious exceptions of the Guest and hidden accounts, which should have no access (and preferably no accounts )

This will help secure the system when used in tandem with each other by ensuring that if a virus enters the system you don't have the authority to modify system files (Because you are a limited user) nor will a process be able to modify registry keys (unless it uses another process that is running under system or local service).

It's not fullproof, but every little bit counts!