VC++ code that keep running, allow only those processes to run which are defined in code, terminate all other processes as soon as they start. I know XP need certain processes for smooth operation, so assume all those will be added along with processes of my choice.
If you are trying to stop users from running rogue/unauthorised software this is not going to work.
e.g., you will need to allow the System to run, using various system calls I can get the system to run my program as a thread which is not visible in the process table and which is not even started as a .exe
There is a good document here: http://www.interhack.net/pubs/email-trojan/
You need to educate your users, if they have access they can run whatever they want. unless you introduce a code-signing system and lock the OS right down using the built in security.