required performance as follow should be met:
Create an Account for a user,
this account can run the programm that have been installed by administrator.
this account can't install any programme
this account can't delete any files
what's more, I hope that this account can not write or delete files in system disk like C:\
I know once the account login the windows system should write the temp or other kind of files in the system disk , but I dont want this account access C: to modify any important system files.