user config to limit application access

I want to use Ubuntu 12.04 LTS in a work/office environment. The requirements are:

As a desktop/workstation. I need 1 admin user of type Administrator, with access to all apps, and the normal ability to install new apps. Followed by 1 or more standard users. Initially the standard users will/must be confined to one email application (Thunderbird) only. No Web, or anything else.

So the problem with Unity is "Dash Home": by simply pressing the "Dash Home" button, the standard user can find and run (for example) the web browser, and any other app. I give Ubuntu an A+ for easy access, but that is the problem.

So, I could put the Administrative user into a new group that is allowed to run apps, chown all apps to that group, chmod apps so only this group can execute them; lots of ongoing work to maintain. Always the possibility of missing an app or two.

If I could just get rid of the "Dash Home" button for all standard users, and remove all default apps from the launcher for each standard user.

Any suggestions?


Make a Thunderbird kiosk - use Thunderbird as the only available session type; no window manager, nothing else. Take a look at /usr/share/xsessions/. Create a session file called thunderbird.desktop which contains the following:

[Desktop Entry]
Name=thunderbird
Comment=This session only allows to check your e-mail
Exec=/usr/bin/thunderbird
Icon=
Type=Application
X-Ubuntu-Gettext-Domain=gnome-session-3.0

Configure /etc/lightdm/lightdm.conf respectively. Now, when the user logs in, only Thunderbird is started (check for options to start it in maximized mode). When Thunderbird finishes, the session exits.

Don't forget to put "exit" in the user's .profile, otherwise they will be able to change to console (ctrl-alt-f1) and log in to a text terminal.
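
A way to check the kiosk layout described in the answer above, as an added example that is not part of the original answer. It assumes the lightdm.conf change meant is lightdm's `user-session=thunderbird` setting; the `audit_kiosk` function, its two parameters and the `mailuser` fixture are constructed for illustration.

```sh
# audit_kiosk ROOT HOME_DIR
# ROOT is a filesystem prefix (empty string for the live system);
# HOME_DIR is the standard user's home directory. Both are assumptions of this example.
audit_kiosk() {
    root=$1; home_dir=$2; findings=0
    sessions="$root/usr/share/xsessions"
    conf="$root/etc/lightdm/lightdm.conf"

    # 1. The kiosk session file must exist and start Thunderbird.
    if ! grep -qx 'Exec=/usr/bin/thunderbird' "$sessions/thunderbird.desktop" 2>/dev/null; then
        echo "FAIL: thunderbird.desktop missing or Exec is not /usr/bin/thunderbird"
        findings=$((findings + 1))
    fi

    # 2. The answer wants Thunderbird to be the only available session type.
    for f in "$sessions"/*.desktop; do
        [ -e "$f" ] || continue
        [ "$(basename "$f")" = thunderbird.desktop ] && continue
        echo "FAIL: extra session available: $(basename "$f")"
        findings=$((findings + 1))
    done

    # 3. lightdm should default to the kiosk session (assumed setting, see lead-in).
    if ! grep -qx 'user-session=thunderbird' "$conf" 2>/dev/null; then
        echo "FAIL: lightdm.conf does not set user-session=thunderbird"
        findings=$((findings + 1))
    fi

    # 4. .profile must end text-console logins, as the answer advises.
    if ! grep -qx '[[:space:]]*exit' "$home_dir/.profile" 2>/dev/null; then
        echo "FAIL: no exit line in $home_dir/.profile"
        findings=$((findings + 1))
    fi

    [ "$findings" -eq 0 ]
}

# Constructed fixture: a fake root with the kiosk session plus a leftover ubuntu.desktop.
demo=$(mktemp -d)
mkdir -p "$demo/usr/share/xsessions" "$demo/etc/lightdm" "$demo/home/mailuser"
printf '[Desktop Entry]\nExec=/usr/bin/thunderbird\n' > "$demo/usr/share/xsessions/thunderbird.desktop"
: > "$demo/usr/share/xsessions/ubuntu.desktop"
printf '[SeatDefaults]\nuser-session=thunderbird\n' > "$demo/etc/lightdm/lightdm.conf"
echo exit > "$demo/home/mailuser/.profile"
audit_kiosk "$demo" "$demo/home/mailuser" || echo "kiosk not locked down"
```

On a real machine, run `audit_kiosk "" /home/USERNAME` as root, with USERNAME standing in for the standard user's account.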