A firewall appliance, or even some SOHO routers, will do this for you.
However, if you do not want to spend any money, you can ‘play around’ with the local LAN.
My first thought was to edit the HOSTS file. Add specific entries that are valid for websites that are allowed. Then add the blocked sites. If you need help on what a host file is, Google it.
To block the site, just point the address to the loopback address. I use this list on occasion.
It is a host file. Just add your allowed exceptions. Distribute this file from your domain controller, or add it to each machine individually.
The next method is easier for an end-user to figure out, but is simpler for you to implement. This will block ALL traffic…
Set the proxy server of your client computers to either themselves (loopback) or to the Intranet server.
Tools > Internet Options > Connections > LAN > Proxy Server 127.0.0.1
You can implement this through a group policy as well, which makes it easy to administer.
I was able to send email regardless of either setting, but that may be my configuration only. Test your implementation thoroughly.
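For the hosts-file method described above, here is one way to merge a downloaded block list with your allowed exceptions before distributing it. This is an added example, not part of the original post; the function names, the sample list and the rule that an allowed domain also exempts its subdomains are assumptions of the example. Hosts entries match exact names only, so every blocked subdomain needs its own line.

```python
import re

LOOPBACK = "127.0.0.1"
# RFC 1123 style hostname: dot-separated labels of letters, digits and hyphens.
HOSTNAME_RE = re.compile(
    r"^(?=.{1,253}$)([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)*"
    r"[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?$")
# Names that must keep resolving normally and are never rewritten.
RESERVED = {"localhost", "localhost.localdomain", "broadcasthost"}

def parse_blocklist(text):
    """Yield hostnames from hosts-format text, skipping comments and bad names."""
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        # A hosts line is "<address> <name> [<alias> ...]"; the address is dropped.
        for name in fields[1:]:
            name = name.lower().rstrip(".")
            if HOSTNAME_RE.match(name) and name not in RESERVED:
                yield name

def is_allowed(name, allowed):
    """True if name equals an allowed domain or is a subdomain of one."""
    return any(name == a or name.endswith("." + a) for a in allowed)

def build_hosts(blocklist_text, allowed):
    """Return hosts-file text that points every non-allowed name at loopback."""
    allowed = {a.lower().rstrip(".") for a in allowed}
    blocked = sorted({n for n in parse_blocklist(blocklist_text)
                      if not is_allowed(n, allowed)})
    lines = ["127.0.0.1 localhost"]
    lines += [f"{LOOPBACK} {name}" for name in blocked]
    return "\n".join(lines) + "\n"

# Constructed sample input (not a real block list).
SAMPLE = """\
# sample list
127.0.0.1 localhost
0.0.0.0 ads.example.com tracker.example.net
0.0.0.0 ADS.example.com   # duplicate, different case
0.0.0.0 intranet.example.org
0.0.0.0 bad_name!.example
"""

if __name__ == "__main__":
    print(build_hosts(SAMPLE, allowed=["example.org"]), end="")
```

Review the generated file before pushing it out from the domain controller, since a wrong entry breaks name resolution for that site on every machine that receives it.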