I am trying to setup a machine to lockdown the default user from running anything except programs I autorun. I however need to keep a local administrator available with full access. This needs to be accomplished on a standalone workstation running XP SP2.

I know how to setup the computer to autologon and to auto launch a program, but the lockdown is being difficult. There was a program in the W2k resource kit for W2k, but I can't find anything for XP.


User:
Can't do anything except use program that is running.

Administartor:
has full access as normal

I would assume this would be done using a group policy. I have found a technote from microsoft including a sample policy for setting up a Kiosk (Basically what I want) but it talks about linking this to the active directory on a W2k3 Server. This system is standalone. Any Idea how to do this to a User or a User Group??