RealVNC / Windows 2000 Security

[Adam Kane <kane () linkitsoftware com>]

My software company currently uses two specific machines
(both running Windows 2000 Pro) as "VNC" machines.
The purpose for these machines is to display two of our software 
products, and allow remote login to

the computers for potential clients (very few ask) to test out the
program, rather than us creating a 30-day trail type of setup.

The problem I'm running into is correctly securing these machines.
I've set it up (realvnc) so it's using encryption, and created very
strong passwords, along with running on a different port specified by
me, rather than the default port, but it always seems to fail, as I
come in sometimes and find stuff wrong with them, like ad ware, or a
message box pop up from netsend, etc.

I have also gone as far as editing the registry for the specific user
that we set up to run the RealVNC Server - the user is called Client.
We made changes to the explorer policies so that the desktop would not
show, along with disabling Internet explorer, and a few other things I
found from a registry hack website.. but that hasn't seemed to help
either.

The problem is that we need these VNC machines in order to show
clients our software, but we don't want to have to keep re-formatting
every week to ensure they are clean.

Any suggestions on how to keep these machines secure and accessible to
our potential clients, and keeping these machines away from any other
networked computers is appreciated.  Thanks.

-- Regards, Adam Kane