Is it feasible to lock down a user account on a Windows 7 or Windows Vista laptop so that it's not possible to copy files off of it? (e.g. disable all internet access, disable USB ports or at least ensure drives can't be mounted to them, etc).
Is there a published procedure to do that?
Also, if the files are encrypted on disk using Windows encryption, is knowledge of the guest user password on the laptop enough to access those files if the hard drive is plugged into another computer?
I do realize that a sophisticated hacker can probably counter pretty much any security measure. The intent is to prevent copying files off of the laptop by power users, not by hackers.
In a word, no.
If you're okay with locking down the entire drive, you can get very close with whole-drive encryption. Without this, someone will always be able to pull the drive out of the machine and connect to another one running off-the-shelf data recovery tools. Even with whole-drive encryption, it's just a matter of time with the right tools.
An encrypted drive is as close as you can come. All other measures are circumvented by simply removing the drive and installing it into another machine and are therefore simply "feel good" measures and nothing more than a minor annoyance, even for a "power user". With the drive plugged into another machine it makes no real difference whether or not the user account passwords on the original machine are known to the person who wants to read the data.
If you are concerned about a legitimate user of the laptop copying data from it I would suggest a tech approach is the wrong way to go, because your real problem is human in nature and should be dealt with appropriately.
In addition to whole disk encryption, and USB lockdown, you will also have to remove your firewire ports (physically - you can't disable them sufficiently - so remove them or fill them in with epoxy or similar) and disallow CD/DVD writing.
And have you thought about what a user can do via email, file transfer...etc?