I have 5 questions I hope someone could help me with...

1. What is my easiest option (when locking down users' desktops) to
stop them from being able to run admin tools, being able to stop &
start services etc?
I have stopped them being able to r/click My Comp and manage but you
can still start these programs from system32 etc.

2. How to stop users being able to run/browse certain parts of
directories (i.e. system32, with regards to question above), also would
this have undesired effects to their normal running of the system?
(would it be wise to stop users saving to the C: drive and only allow
them to save to My Docs?)

3. I have a desktop preferences package setup which stops wallpaper on
the relevant users. The only problem with this, is that it removes the
wallpaper and when you log back on the machine after as a user with no
policy associated the desktop is still removed, why? (I don't have
policy caching or remain in effect checked)
Also what is the difference between using the desktop preferences on a
user package or using the desktop preferences on the user - group
policy package?

4. All the work done on the policies has been done on my workstation.
If I log on to my workstation as a user with a policy applied a lot of
the settings do not apply (i.e. Windows key + R for the run command),
although these policies apply on all other workstations which I log on
to, why is this?

5. When implementing a search policy with a container do I associate
it with a user container and then point it to the container with my
user policies in? Or is it the other way round?
I have users in different containers (locations) so if above is correct
would I have to create a search policy for each of my location
containers and point them all to my user policy containers?

I know it's a lot of questions to ask, but any thoughts/answers on these
would be very much appreciated.

Thanks in advance