The basic AppleScript would be something like this, which you should be able to modify to use through ARD:
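-- parse list of short user names of current accounts
set currentUserList to paragraphs of (do shell script "dscl . -list /Users")
-- parse list of allowed accounts; file should be a return delimited list of short user names
set allowedUserList to paragraphs of (read POSIX file "/path/to/textfile.txt")
repeat with thisUser in currentUserList
    -- thisUser is a reference to the list item; take its contents before comparing
    set userName to contents of thisUser
    -- skip empty names so the rm below can never be run against /Users/ itself
    if userName is not "" and userName is not in allowedUserList then
        do shell script "dscl . -delete /Users/" & quoted form of userName
        do shell script "rm -rf /Users/" & quoted form of userName
    end if
end repeat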
be very careful: "dscl . -list /Users" will include a ton of hidden system accounts that you should not delete if you want your computer to continue working - you'll either have to find a better way of generating the list or do something to make sure those accounts (and any future accounts apple might add) are preserved.
to do this retaining only admin accounts, you'll need to find a way to get the system to tell you which accounts are admins. I'm not sure how to do that, but I'm looking into it; dscl and account administration isn't really my strong suit.
Actually, I got this to work as a LogoutHook.
#!/bin/sh
# Logout script to remove nonadmin accounts from Users folder
# If user is an admin, exit script
if [ "$USER" = "usernametosave" ]; then
# the next 2 lines could be substituted for the previous line
# dscl . -read /Groups/admin GroupMembership | grep -qw "$USER"
# if [ "$?" -eq 0 ]; then
    echo "LOGOUT: admin folders will not be deleted."
    exit 0
fi
# If home directory exists, delete
# (the -n test keeps an empty $USER from ever turning this into rm -R /Users/)
if [ -n "$USER" ] && [ -d "/Users/$USER" ]; then
    echo "LOGOUT: user account cleanup."
    rm -R /Users/"$USER"
    dscl . -delete /Users/"$USER"
fi
And then you make the script executable and write to the com.apple.loginwindow file. Then each time someone logs out it runs the script.
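Added example (not from either post above): a dry-run filter for the two open problems in this thread, skipping the hidden system accounts and keeping members of the admin group. It assumes the output formats of `dscl . -list /Users UniqueID` and `dscl . -read /Groups/admin GroupMembership`, and that regular local accounts start at UID 501; the function name and the sample data are constructed for illustration.

```shell
#!/bin/sh
# Dry-run selection of accounts that may be removed. Nothing is deleted here.

MIN_UID=501   # assumption: regular local accounts on macOS start at UID 501

# removable_users USERS_TEXT ADMIN_LINE ALLOWED_TEXT
#   USERS_TEXT   "name uid" per line, as printed by: dscl . -list /Users UniqueID
#   ADMIN_LINE   "GroupMembership: a b c", from: dscl . -read /Groups/admin GroupMembership
#   ALLOWED_TEXT short user names to keep, one per line (the allow-list file)
# Prints one removable short name per line.
removable_users() {
    admins=$(printf '%s' "$2" | tr '\n' ' ')
    allowed=$(printf '%s' "$3" | tr '\n' ' ')
    printf '%s\n' "$1" | awk -v min="$MIN_UID" -v admins="$admins" -v allowed="$allowed" '
        BEGIN {
            n = split(admins, a, /[ \t]+/)
            for (i = 2; i <= n; i++) keep[a[i]] = 1      # a[1] is the "GroupMembership:" label
            n = split(allowed, b, /[ \t]+/)
            for (i = 1; i <= n; i++) if (b[i] != "") keep[b[i]] = 1
        }
        # Keep anything that looks like a system account: malformed line,
        # non-numeric or negative UID, UID below MIN_UID, or a "_" prefix.
        NF == 2 && $2 ~ /^[0-9]+$/ && ($2 + 0) >= (min + 0) && $1 !~ /^_/ && !($1 in keep) {
            print $1
        }
    '
}

# Constructed sample input (not captured from a real machine).
SAMPLE_USERS='_www 70
daemon 1
nobody -2
root 0
labadmin 501
student1 502
student2 503
teacher 504'
SAMPLE_ADMINS='GroupMembership: root labadmin'
SAMPLE_ALLOWED='teacher'

removable_users "$SAMPLE_USERS" "$SAMPLE_ADMINS" "$SAMPLE_ALLOWED" |
while read -r u; do
    echo "DRY RUN: would remove account and home directory for: $u"
done
```

On a Mac, the three arguments would come from the two dscl commands named in the comments and from the allow-list file; review the dry-run output before wiring it to any delete step.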