While listening to Security Now, episode # 129 [Transcript], Steve and Leo provided an excellent and thorough review of Microsoft's SteadyState Software, a tool for locking down a computer running Windows XP.
Windows® SteadyState™ is now available. (Windows SteadyState was formerly known as Microsoft® Shared Computer Toolkit for Windows XP.) Whether you manage computers in a school computer lab or an Internet café, a library, or even in your home, Windows SteadyState helps make it easy for you to keep your computers running the way you want them to, no matter who uses them. Windows SteadyState is easier to download, set up, use, and maintain than Shared Computer Toolkit.
Steve sums this up with the following.
So the beauty of this, instead of putting, like, a write lock on your hard drive - which Windows won't tolerate because it's constantly updating the registry, and there's all kinds of things going on with Windows, as we know, our hard drive light is flickering there even when we're not doing anything. So instead of write-locking the hard drive, it basically sequesters any writes. And when the administrator logs off, the administrator being a special user to Windows SteadyState, it will prompt you, saying do you want me to retain these changes or flush them? A normal user, a non-administrative user, does not have access to that. There's no choice that they're able to make.
So if you want to lock down your windows computers, Windows SteadyState might be a good solution. To better understand the pros and cons of SteadyState, I would highly recommend listening to episode #129 or reading the transcipt from Steve Gibson's web site, grc.com.