Is it possible to prevent regular users from accessing the C drive via Windows Explorer? they should be allowed to execute certain programs. This is to ensure that employees cannot steal or copy out proprietary software even though they should be able to execute it.
One way would be to change the option in windows Group Policy and set the "shell" to something other than "explorer.exe". I'm looking for a similar windows setting that just hides the C drive or otherwise prevents trivial access.
This is for Windows XP/7.
So, how do they run the program if they can't read the drive that it's on?
In short - you can't do this the way that you're asking. For someone to execute a program, they have to have the credentials to be able to read it. Can you imagine what else would break if you really did explicitly deny users access to the C:\ drive? They wouldn't even be able to login.
You need a copy-protection or DRM solution, like a lot of games have. Or some sort of authentication server, such that the program can only run when it can contact a license server on the corporate network. I know that there are commercial solutions out there for exactly this.
Or, you could offer the program in such a way that the users never run it on their own PCs - hosted web-app, terminal service with no mapped drives, etc. Not all applications can be effectively run this way of course.
Edit - Also, why are you concerned about them decompiling it? You're not saving sensitive credentials within the application are you? For almost everything, that's a bad way to get things done. For example, if you ever have to change the password, now you have to recompile and redistribute the whole program.
If it's database access, you can distribute an ODBC connection that has the password saved in it so that the program doesn't need to have the creds hard-coded in.
Additional edit - you already asked this question last month on StackOverflow and got the same good answers that I just gave you. You can't do this as you're asking, because if someone can't read it, they can't run it. There are software solutions, someone mentioned Nalpeiron as a license server, which matched my answer above. Someone else mentioned splitting the business logic so that sensitive parts run on the server - you said the app was already developed. So you could host it on a TS and not let the users map drives, so they can't read the binaries from their desktop. That's about it.
Well, If you want to allow execute, that they have to be able to read content of disk => They can copy it.
What you are proposing just wont work. If you have a look at this question on Stackoverflow and in particular this answer you will find further reading on how to go about securing your .net application.