let me give you some background info on our setup, then I'll let you know what I'm looking to accomplish. Hopefully you'll be able to give me some guidance.

We have 5 dumb terminals hooked to an IBM AS400 that acts as our accounting/order entry server. We have 5 typical PCs for everything else. We're looking at replacing those terminals with desktops, as we're slowly migrating to a point 'n click interface for our business. Part of the migration to the new desktops will be locking them down. The biggest requirement is that the people who worked on those terminals not be given any additional reason to slack off from work (i.e. read MSFN all day :P ).

The goal is that I want to lock down any request to leave the internal network and go outside. Everything those people need will be hosted on our network, so there's no reason for them to go outside.

Do any of you know of and/or reccomend any software to accomplish that? We don't have (and probably never will) a domain controller, though I don't know if you could set that up in group policies anyway.

my searches of the web weren't that successful, so any light anyone could shed would be appreciated.

You could try one of these:

If you use Acitve Directory, restrict access through Group Policy

Using Group Policy, assign everyone a proxy server address, and then restrict internet access from the proxy server.

Have your DHCP server NOT assign a gateway address, this way it would be impossible for a user to get outside access.

MS Shared Computer ToolKit

Faronics Deep Freeze

Use Symantec Ghost to create images of your systems so that if one goes belly up, it wil be quick & easy to restore the system.

