I have a couple or more ways to curb surfing at work. It drives me nuts, because I try to allow my staff to have some freedom, but they always abuse it.
The simple thing is to remove the default gateway from the NIC card, and just tell them Internet is down for one week until you can use it correctly.
Sharepoint still works and they can access everything on the server with their IP address and Subnet mask. There is always an issue if they absolutely need access to certain sites, which I then have to do a different way. Sometimes, I will designate another computer with Internet access to allow them to get out if need be, and then it is obvious they are on the Internet.
I have a strict policy again webmail as I want them using Exchange Server and Outlook so I can monitor email.
