Ability to protect a directory but not everything under it

This has been mention a number of times but I cannot find it in the wish list.

By default every user can create directories in the root directory and this can lead to security loopholes. To block running of programs outside windows or program files you need to block individual directories. The only way to do this at the moment is to specifically allow all programs under windows and program files and block everything else but this would allow any unsafe program under windows to be run without a warning.

It would also be nice to monitor writing to the root directory only.