Is it possible to use group policies to restrict access to websites? I've got several different user groups and would like to limit one very strictly, one not so much, and then admins with no restrictions. If this isn't possible using 2000 server are there other programs that can do this from our existing domain controller without putting it on each machine individually?

To restrict access to websites you need either NT Server Proxy Server, or IAS for Windows 2000 Server. Seeing as IAS is very expensive, i would set up a cheap station, but NT4 server on it then Proxy Server 2.0. You can pick it up on ebay really cheap.

Other than that you can use a linux proxy as i do on my networks, any distro will be ok that can run squid and from here you can control access.

The only thing you can do in GPO is to remove someones webaccess altogether. To do this create a new policy and alter the IE setting for the proxy to about:blank. This will remove all net access.

Jake

-------------------------
Main:
AMD Athlon 2600+ 333Mhz Thoroughbred | 512Mb in 2x 256Mb DaneElec DDR PC2700 | XFX NF2S-ALH with nForce 2 400Pro | Asus GeForce FX5200 128Mb Magic! | Creative 5.1! Live! | Maxtor DM+9 80Gb and Maxtor DM+8 20Gb | LiteON 832S DVD+-R/RW Dual Layer 8x | LiteOn 48x12x48x CD-RW | Full Black server case with 500W PSU | Relisys 17" Monitor | Wireless Optical Mouse | Logitech Surfer | XP Professional SP1

Server: Intel (Oh no!) 2x Pent