I've found my answer.
I added a shutdown batch script to machine group policy that does the following...
NET USER Resident /DELETE
RD C:\Users\Resident\ /S /Q
NET USER Resident /ADD
NET USER /COMMENT:"Resident"
NET USER /FULLNAME:"Resident"
NET USER /PASSWORDCHG:NO
NET USER /EXPIRES:NEVER
WMIC PATH Win32_UserAccount WHERE NAME='Resident' SET PasswordExpires=FALSE
REG DELETE "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21" /f
This removes and readds the account, deletes the folder and associated registry entries. I have an admin account that won't be adversely affected by the key removal at all. This accomplishes what I want. The account is restricted in the way I need, and it is refreshes at every reboot.
My last action was to create a task to reboot the PC nightly.
SCHTASKS /CREATE /TN "NightlyReboot" /TR "SHUTDOWN -R -F -T 0" /SC DAILY /ST 03:00:00 /SD 01/01/2013
That'll 'bout do it. :)
Thank you everyone for your help and suggestions. I was able to take a little something from everything and make a sound solution. And now I've saved us $6-7k in yearly licenses fees. WOOHOO!!