By creating a GPO, u can definitely do this job ! as u want step by step, here u go….
1. Create a new policy in GPMC by right-clicking the domain > New. (provide any name)
2. Right-click on the newly created policy & press Enforced to check it
3. Select the newly created policy in the left-hand pane, and select Authenticated Users under Security Filtering and press Remove, and OK to prevent the policy from applying
4. Using GP to implement IE settings as navigate to user Configuration / Windows Settings / IE Maintenance tab (whatever it is) in the newly created policy
5. Right-click IE Maintenance tab & select Preference Mode
Navigate through Connections and double-click Proxy Settings (Preference Mode)
6. Now check “Enable proxy Settings” and use the same proxy server for all addresses, Remember, never use use proxy server for local addresses.
7. Type 127.0.0.1 (localhost) on address of proxy and 80 into port. (generally post is 80)
Click OK and close the new policy.
Now to prevent a particular user accessing the internet…..
Select the newly created policy and press “Add under Security Filtering”, select Advanced dialog to locate and select the user by pressing OK and If the user is logged on, force the policy to update.