The operating system can not distinguish general network use based on user logged on.
You can however restrict which domain computers a domain user can logon to by
configuring their account properties in AD Users and Computers. Network access can
also be restricted for users by configuring the access this computer from the network
and deny access to this computer from the network user right on the server computer.
For internet access ISA server is a proxy/gateway/firewall that can mange internet
access by domain account and groups. Otherwise you would need a third party program
such as a personal firewall that can be configured by user logged on. PortsLock is
such a firewall. --- Steve