I've got a client with a Windows 2000 Server network set up in two separate locations. Each location has about 40 client systems and a single server. All clients are running XP Pro. The problem is... this is exactly as much as I know about their network. I do have access to the server on-site, and the client machines, with admin access.
The client is looking to block all Internet access to all but two computers in their network, with the exception of three sites. My theory is that the easiest way to do this would be to set up a proxy server on each machine that loops back to nothing, and add those particular sites to the exceptions list. I can do this from each computer, but if I go that route, it will take quite some time, and there's always the possibility for the user to just go in and uncheck the proxy server box. (I guess they could also install Firefox/Chrome/etc from a flash drive, but that'd be obvious, and specifically against their rules.)
I'm not that familiar with Windows 2000 Server. I'm guessing there's a way to (a) restrict access to the Internet Explorer / Connections tab, and (b) do this from the server without having to access each computer. But without a 2000 Server in front of me to play with, I haven't a clue how to do it.
The only other hurdle I'm aware of is that the users aren't in any kind of group. So I can't just use a blanket policy on all users, or else it'll lock out the people who do need full access.
Any ideas where I should start here?