Wonder if i should let the cat out of the bag? ...... You can lock down a single user with Group Policy..... From what I have found out it is only a new feature in Windows 7.
Here's the instructions to apply Group Policies to a single user. Group Policy - Apply to a Specific User or Group
Open mmc.exe -> File -> Add/Remove Snap-in
Select Group Policy Object Editor -> Click Add..... Now here comes the kicker
A new window appears -> Select Browse -> Now Select the User Tab -> Select the user you wish to apply local Group Policies too -> Ok -> Finish -> Ok
Now underneath Console Root you should have
L Local Computer\*Useraccount* Policy
Expand this and you can now edit this Users policy.... This only affects That user!
There you have it. I have not been able to find these instructions anywhere on the web.... you have seen it here FIRST!