As mentioned in Locking down that Desktop, you can replace the shell by editing:
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsNT\CurrentVersion\Winlogon\
and replacing Explorer.exe with YourOwnShell.exe in the Shell
value. This, however, is a global change and affects all users.
To effect only certain users, create a batch file %windir%\System32\userinit.bat in which you select the lucky users, running YourOwnShell.exe, but running Userinit.exe for everyone else. Edit:
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsNT\CurrentVersion\Winlogon\Userinit and replace Userinit with Userinit.bat. Do not change the Shell, leaving it as Explorer.exe. Here is a sample Userinit.bat (I have chosen to identify the "lucky" users by creating a %username%.lucky file on \\YourPDC\Lucky$ to which everyone has list permission, but you can choose whatever mechanism you wish):
@echo off
if exists \\YourPDC\Lucky$\%username%.lucky goto YourS
\\YourPDC\C$\winnt\system32\userinit.exe
goto end
:YourS
\\YourPDC\C$\winnt\system32\YourOwnShell.exe
:end
exit
If you mess up while testing this (I did) and only a partial desktop loads:
CTRL+ALT+DEL, choose Task Manager / File / New Task / userinit.exe.
