It was a long time in the making but it’s finally here! I think I’ve been seeing requests for how to do this since IE7 came out and up until now many people said it couldn’t be done. Once again the “impossible” has been captured and documented. – Isolating Internet Explorer 7.0

Here’s an excerpt:
“You can use application isolation to isolate and publish Internet Explorer 7. You can create a rule that forces all downloaded files to reside in the user profile root. This provides users with the freedom to download files if they wish to do so, but it also prevents them from running downloaded executables on the enterprise network.

Administrators can enforce cleanup policies that delete all session artifacts when the user logs off. Application isolation also enables you to publish multiple instances of Internet Explorer with different configurations, which is very useful when you have users with different usage requirements.”

The full article is publicly available here