Well in a backhand sort of way. You can configure a "bogus" proxy server for users
that will prevent them from accessing the internet ONLY from Internet Explorer. That
is done via user configuration/Windows settings/Internet Explorer
maintenance/connections. Of course you will also want to block user access to IE
connections settings. To insure no access, you can configure ipsec filtering policy
at the machine level that will apply to all users that logon to that machine. A
mirrored rule for block all IP access, and then a mirrored one for permit local
subnet would work. See the link below for how ipsec filtering is done. -- Steve
