Do you want anyone to access the internet from this PC?
if not, you can set the permissions for iexplore.exe to allow only users you want.
mind you, if this is the case they won't be able to view any html files at all, and they can't use IE to view .jpg files either. Sometimes that is good, sometimes bad, depending on your situation.
Group policy will work, but you will need to put the user in an OU that has this policy set.
That is how I do it.
You can also get software, but you shouldn't need it.
here are some instructions for group policy:
Create an Organizational Unit (OU) such as "NoInternet" or what ever you like, specifically for the clients. Create a GPO with the same name and link it to the OU.
In the GPO, edit the Proxy Settings under /User Configuration/Windows Settings/Internet Explorer Maintenance/Connection
Set the proxy server IP address and port to a non-existing proxy server. Some bogus address is fine, and then check "Use The Same Proxy Server for all Addresses".
After doing this, move the AD clients to the OU unit you created and have them restart. This will effectively block Internet browsing. I am not sure weather or not it will work for other Browser applications such as Netscape or not, but it does work for IE.
If you find that it does not work for clients that are using Netscape or other browser, you may be to able block the execution of that specific brower executable by editing "Dont Run Specified Windows Applications" Under; /User Configuration/Administrative Templates/System/
To keep Local Administrators from changing the settings in IE back to not using a Proxy server: enable this setting in group policy--User config/admin templates/internet explorer/disable changing proxy settings
Hope this helps....V