Basically I want him to only be able to log onto the VPN in order to use Remote Desktop to use HIS machine. Not surf the internet or do anything like that, but just use the programs on his machine that he doesn't have at home.
We use a SonicWall NSA 220 with their regular VPN client.
I can create a user for him, but when I create an access rule it applies to all VPN users. How can I make something like that only apply to ONE user?
One issue that immediately comes to mind is that once he remotes into his computer, he's going to have the same access to the internet and internal resources as he does when he's physically in the office. By the sound of your question, it looks like you're aiming to restrict him to his computer and his alone while on the VPN, which you can do on the SonicWall (edit the user, click on VPN Access tab, add an object for his IP address), but that will only limit communication from his home computer to his work computer; this will not limit his access of his work computer to the rest of the network. So he'll still be able to access the rest of the network through HomePC-->WorkPC-->RestofNetwork.
At any rate, to experiment with different options, you can achieve the VPN access limitation by modifying his access by editing his user. After you've added his individual access rights, check what access rights he's gaining through the groups he's a member of.
Edit: Now that I think about it, I don't think you can restrict him to a single IP address on the remote side... I think you have to grant access to the entire subnet.