>右键单击文件夹名称,然后选择“属性”.
>单击“安全”选项卡.
>单击“高级”按钮.
>单击“更改权限…”按钮.
>取消选中“包含此对象的父级的可继承权限”
>将出现一个窗口.单击“添加”以保留现有权限.您将在接下来的步骤中编辑它们.
>添加或选择要限制执行文件的用户或组.如果要选择现有组,请单击“编辑…”按钮.
>将出现以下窗口.取消选中“遍历文件夹/执行文件”的允许复选框,我将其括在红色中.

根据Microsoft Technet entry on permissions for files and folders,“遍历文件夹/执行文件”权限执行以下操作：

For folders: Traverse Folder allows or denies moving through folders
to reach other files or folders,even if the user has no permissions
for the traversed folders. (Applies to folders only.) Traverse folder
takes effect only when the group or user is not granted the Bypass
traverse checking user right in the Group Policy snap-in. (By default,
the Everyone group is given the Bypass traverse checking user right.)

For files: Execute File allows or denies running program files.
(Applies to files only).

Setting the Traverse Folder permission on a folder does not automatically set the Execute File permission on all files within that folder.