If you dribble out the information, one needs to make assumptions. One such assumption is that the user doesn't have admin rights.

To answer your fist question, the command-line tool you need is XCACLS from the reskit. With it you can change ownership and permissions. The caveat though is that you need admin rights to use it. If your users are logging in with admin rights, then no problem, else you need SU.

If you don't want to go the SU route, then run an admin script as an admin user. Within the script you need to test whether the temp files are there (easy with if exist). Then you need to test whether the application is running via TLIST (reskit). If conditions are right, delete.

Personally, I would check user permissions in the logon script and if OK and files exist, then delete else write to a log that admin script can pickup. I guess it really depends on how many machines you're talking about vs. how much effort to do it cheap-and-dirty. SU could be more elegant but much more work up front.

Hope this helps.