I'm kind of surprised about the lack of answers here. There are alternatives out there. You might try searching for "cafe" as well as "kiosk" management software. Internet cafes frequently have these issues, although they often layer other solutions like drive imaging so that no matter what gets messed up they just wipe it and start over.
When I had to solve this problem last for some public turist kiosk I wrote a system from scratch that involved net-booting the pc from tftp to a customized linux distro with a custom gtk application as the desktop, read only root file system and a home file system in ram that got nuked when they logged out. Obviously linux isn't an option for everybody, but it sure worked!
You might look up some shareware titles like "internet kiosk pro", "public access desktop", and "advanced internet kiosk" as well as cafe titles like "cafetimepro"....keep in mind these are things I got just now by googling and haven't actually checked out. I didn't see anything that made me go "oooh, this will do the job!". Frankly I hate windows!
Also if you provide a more accurate picture of your setup you might get more specific answers. One thing that occurs to me is that the way most larger organizations like colleges handle public machines is using a domain login system so people don't have local logins, and keeping the account privaledges too low to install software. You can also setup guest accounts this way that get a clean slate on each login.
What exactly do you need add on software to accomplish?
Edit:
Upon review of your edited question, I am going to suggest there might not be a perfect all in one solution but that you can probably get this accomplished much simpler and cleaner using a mix of technologies. Finding an all-in-one-package solution for your particular problem doesn't seem likely to me, but by breaking down the problem into parts you should be able to solve it.
In particular, separate the file management from the login/run/application security thing.
First of all, what files exactly do you need to control? If you were using domain based logins or a shared mount you could control the files for that user all in one place on a central file server and the user would get a fresh copy of the files on every login. If you require access to system file on each client I would suggest that you're going about something the hard way instead of the easy way. Keep your software and configurations in user space or on a shared drive so that managing files is a one time afair.
Secondly, for running your program, look for ways to execute your app on login and logout when it quits. This can be hacked together for normal windows sessions, or you can use terminal services application sharing to do it centrally. See this tutorial. If you have auto-login enabled on the kiosk, each time the application quit you would get a new fresh login and as well as re-running the latest version of your program.
By looking for software specific to your exact problems and combining them instead of general ones that happen to do everything you need I think you will find much higher quality solutions.
Good luck! -- Caleb
