Please do not misunderstand me but this question is asked
all the time. Do a search and I am sure that you will
find your answer.
However, really quickly: set up - via GPO - an IE setting
that gives the users in question a "bad" proxy address and
also remeber to disallow - via the same GPO - users access
to this setting. So, create an OU, place the
users/ocmputers in that OU, create the GPO and there you
have it.