Windows User Account Question

So, last evening my grandmother downloaded some "free books". We should all know how that ended. Yeah, I spent most of the night cleaning up after the mess.

Anyways, I discovered that her main account has full administrator permissions. She is also on Windows 7. Would it be a good idea to create a new account to be administrator, set her account to "basic", and give her the password to the administrator account, so she has to think twice before installing anything?

Also, is there an easy way to completely disable extensions in Chrome? I saw I could force chrome into Incognito on startup, but I really don't want to do that...

Just wondering what you guys out there do to keep yourselves (and family members) safe on the internet. It's very easy to fall for stuff if you aren't well trained.