Keep backup images handy and re-blast them if something is fubar.
Almost the right answer.
I'm the one-man IT department at a nursing home. I generally don't provide tech support to our residents, though there are are a few PCs in our library that I'm expected to keep up and running. In addition to the risk of malware, there's always the chance that some "knows enough to be dangerous" user will seriously screw something up.
The answer is here: http://www.faronics.com/products/deep-freeze/ (No, I don't work for them, this isn't a paid endorsement, that's not even a referral link.) Set the PC up once the way it's supposed to be, then install Deep Freeze. Any time you boot the PC, it's back the way I set it up. Aside from hardware failure, any problem that comes up is as simple as, "Have you tried turning it off and then on again?" Staff shuts down the library PCs every night, and I told them to just hit the switch on the power strip. Why bother with a proper shutdown when there's nothing to be written to the hard drive anyway. Next time it boots up, Windows doesn't know it wasn't shut down properly. I don't bother running AV software on those machines. Once a month, I un-freeze them, run Window Update, then re-freeze.
The basic version of Deep Freeze is $45/seat. At a typical IT salary, it pays for itself pretty quickly in avoiding re-installs. The only thing to watch out for is not to use the "boot thawed on next boot only" option when running Windows update. Sometimes you'll get updates that need to run stuff after reboot, then reboot again, and you can get stuck in a boot loop. (There is a fix available.)
If you really need a free-as-in-beer solution, I remember years ago stumbling on instructions for doing something similar with XP by using the Enhanced Write Filter software from XP Embedded. If interested, you can do your own Googling, and I have no idea whether this involves violating licensing agreements or copyrights.