It is not possible to block a user account from accessing the hard drive as you cannot have a local profile without one.
You can limit what the user has access to but, again, they need at least read access to the Windows directory where the OS files reside. For most everything else you can remove the read access in the file system. However I suspect you'll need to still give them read access to at least the shared files sitting in the Program Files and Program FIles (x86) folders. Additionally there are going to be other locations they'll need read access to. Personally, if they are just a standard user then Windows should already be reasonably locked down for them. They won't be able to read or modify any data beyond their own and shared data.
To allow a user to only use the web browser then you'll want to use Group Policy Editor to whitelist the allowed program(s) the user can run. In this case just the browser(s) you specify.