Close write access to program files? in vista? and from what fig you have it open? Only the administrator has access there, and only when a UAC request is accepted. Have you turned it all off?
umm… want to close access to your computer to specialists who will repair it? options:
* if we don’t want them to install something and break the system (i.e., a 100% hardware failure) - without bothering to make a full backup (with regular means of an OS or laptop), and when you return, without looking, roll back - business for 3 mouse clicks and waiting time.
* if we don’t want the data to be readable (hide personal porn), then either delete it (backup it to external storage) or encrypt it. Permissions are child's play; if you have direct access to the hardware, it's not protection.
ps You shouldn't complicate the life of repairmen by blocking their access, since administrative rights will almost certainly be needed to test the equipment, and if they are available, all rights to the directories are reconfigured.
And yet, by agreement, you can generally pick up your screw (you may only have to remove it at the service center).

> everything except changing permissions and changing ownership
Administrators have SeTakeOwnershipPrivilege by default, which means they can open any object with WRITE_OWNER access. Object owners always have implicit allow WRITE_DAC access, meaning they can change permissions on their objects regardless of whether it's an allow (or even deny) ACE on WRITE_DAC.
In short, you must first "own" the object (the Owner tab in the Advanced security dialog, or takeown.exe if you prefer the command line). And then you can change access to anything.
If you really want after these manipulations, you can return ownership of TrustedInstaller.