Lockdown on endpoint computers

Is there a way I can have something similar to server lockdown on user computers? What would be the best way to achieve this through Sophos, or, if it is not possible through Sophos, how can I achieve it so that even local admins cannot install anything, or anything they accidentally download doesn't run a malicious script?

