Lock down desktop and functions W2K PC on NT Network

I am looking for the easiest solution to this problem. I have an NT domain running currently. I need the easiest way to create a profile (either on the domain or locally) that will totally lock out the computers usage except for one icon which is to remain on the desktop. Basically, once the user logs into the PC (using a predefined user login), the only thing that should appear on the desktop is one icon from a third party software company. The start button can be visible as they will need to use it to log out, but I do not want to see any of the programs listed (i.e. no "run", "Help", etc.). Also, the pc is currently internet enabled and needs to remain this way to support the third party software, so I need to make sure they cant even launch the browser. This is not a major problem since I am just waiting for the network security people to configure a profile, but I am inpatient and hate to wait, so I would like to do it myself. Any help that can be provided would be appreciated.
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

I would say your best bet is to use the local group policy on the workstations in order to lock them down. Start- run- gpedit.msc  There are lots of options here for locking down a workstation. There are lots of articles and help sites that discuss the use of group policy to lock down machines.
For example, you can use the software restriction policy to prohbit users from running any software other than the program you specify. You can prevent users from accessing the control panel, you can lock down the desktop, etc. Group policy is a wonderful feature :)
Just make sure to disable it from applying to administrators since local group policy by default applies to all users on the computer including admins:


Also, to keep from touching each computer, this will help you out:


Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows 2000

From novice to tech pro — start learning today.