Hi,
echoing the approach Edwin mentions, if you are creating logins on business computers (you didn't state the use), you might go a step further and only give them
GUEST login access, which also locks out the
APP STORE access, or pops up a message requiring an administrator (you!) to come to their PC and type in your password to access the
APP STORE for purchases. If this is an educational environment, the same thing goes. Giving business or educational users in either environment
STANDARD login access invites them to do some damage to their computers that will cause you a lot of time and grief to fix.
GUEST login access makes it really hard for an occasional user to scramble their Windows settings, delete apps or folders or files. That's why public & University Libraries, and Senior Centers (I've worked on both) often use this method to lock out folks looking to cause damage or mischief on the computers you are setting up and ostensibly managing. The folks who administer these type of computing environments have now had decades to figure out the best methods, and besides using something like
STEADY STATE, which doesn't work all that well in modern Windows versions, it's your best bet for protecting computers you are deploying.
Best,
<<<BIGBEARJEDI>>>