At my job I help support a more than a few people how are almost completely daft and senseless when it comes to computers. Maybe I can offer a few ideas from what I've learned.
First, make sure the primary accounts user accounts are not members of the Administrators group. Make them members of the Power User group. Then make a pair of administrator accounts. If they start to show some common sense and willingness to learn how to use the computer safely and properly then give them the login for one of the adminstrator accounts and show them how to use the Run As function to do things that Power Users are restricted from. If they turn out to be the kind of users that can't help but click on every spam link or pop-up that is presented to them, then the extra restrictions of the Power User account coupled with a good antivirus/antispyware program will prevent a lot of malware from getting a firm hold on the system. Most of them will fail to install, and others will only partially install, before the antivirus software takes their heads off. There is a gotcha with this setup though. Some programs won't automatically update themselves when run under Power User accounts, so you may want to periodically check on the PC and update stuff like Adobe Flash, Firefox, Java, etc.
Second, set up a free account with
http://www.no-ip.com/ or a similar service. Create a domain name on their site for the computer, such as mydad.no-ip.com, and install the client on the PC so it can update No-IP with the PC's current IP address. Once that is done install RealVNC Server (
http://www.realvnc.com/) on the machine, but configure it so it does not start automatically. Set it for manual startup and give the user a nice, clear icon in the Windows menu to click on to start it. Once it's running you point your VNC client to the No-IP domain and you'll have control of the desktop.
Third, set Firefox as the default web browser and hide all the Internet Explorer icons. Installing the Ad Block add-on would be a good idea as well.
Other good ideas:
Set up an account for them with OpenDNS (
http://www.opendns.com/) and install the OpenDNS Updater client on the PC. Now you can log onto the OpenDNS account, configure the account to at least block phishing sites, and set up the PC's DNS config for OpenDNS. Later if they ask you if there is anyway to block other types of sites you can give them the login for the OpenDNS account and let them set their own filtering.
If you don't want to muck with Linux or buy drive imaging software, but want a fairly quick way to restore the PC back to your initial config, use the Backup app that comes with Windows. Install and configure everything, then use Backup to make a backup of the system onto a USB hard drive or flash drive (make sure you include the System State as part of the backup). If you ever need to wipe the drive and start over all you need to do is put on a basic install of Windows, connect your USB drive, start Backup, and run a restore.
