Question:
Windows Server 2003 running FreeProxy as proxy server and Windows XP clients.?
BURUGUDUYSTUNSTUGUDUNSTUY
2007-05-15 08:32:42 UTC
The server is acting as the domain controller and is hosting the DNS and AD and is also tasked to be the Internet Proxy server. How will I do this? I have tried a freeware called FreeProxy ( http://www.handcraftedsof...ware.org/index.php?page=5 ) to save on the budget. I have this separated from the rest of our network to figure out how to lock users.

http://img526.imageshack.us/my.php?image=proxysettingze7.gif

The problem lies on the configuration of the clients (or perhaps my Windows Server 2003). I can configure the Windows XP clients to use proxy via LAN Settings:


1. How am I going to force the clients to use the proxy server?

2. How can I restrict local accounts (and permit only AD authenticated accounts) from accessing the internet?


3. (Just a followup question)...Without using a firewall, how can I block streaming media (online radio..videos) without blocking the whole site. Some news sites have this feature so disabling it would help freeing up the band
Five answers:
W G
2007-05-17 18:43:12 UTC
I like Antirion's answer, but I'd like to add a few things to think about with why a proxy might be a good idea. BTW, I think using your server as a proxy server is a really bad idea because that's your network's heart. If everything goes through there, you don't really have any protection if you get a virus or any malware.



I prefer, when using a proxy server, to set up a dedicated computer/server to handle it. You're probably not going to need powerful hardware or expensive software. I know FreeProxy is free and you could use that, but there are also products out there that may better suit your needs and are more configurable than it. I'm not going to try to steer you one way or the other.



There are a few assumptions that I'm going to make about your network. First, I'm going to assume that you have a firewall. If you don't, go out and buy one. For your sized network, you could buy a simple D-Link or even a Sonicwall for very little money. The Sonicwall could do all of the firewall, virus protection, proxy services, switch, and VPN all in one if you decide to go that route. Second, I'm going to assume that you want your network to be as secure as possible. Third, I'm going to assume that you're not serving anything out to the world, such as would be handled in a DMZ environment. If you're serving things in the DMZ, it doesn't really matter, but I'd advise you a little differently if you did.



The first thing I'd do is block all unnecessary ports from leaving the internal network to the Internet. This is essential to do to prevent malware and insiders from owning you. For now, allow internal users to use HTTP, HTTPS, and FTP to continue going out from the inside network. We'll change that later, though.



Next, I'd set up your proxy server with a single NIC. There's no need for two of them as long as you're inside the firewall (i.e. your proxy server is not going to be your firewall). Get everything up and tested so that your server can use the proxy server and go out to the Internet. Set your proxy server DNS up to the ISP's cached DNS servers.



Afterwards, set your GPO settings for your User Configuration for Internet Explorer to use the proxy server. Make sure users cannot change this configuration. If you use Firefox, download the ADM files for modifying it to also use the Proxy servers you setup. There are plenty of other settings you can do with the Internet Settings, but the proxy is the important one for now.



Then, once all of your users have logged off or received the GPO settings (Logging off and back on is required for the Firefox ADMs to work because it's configured via a login script), block all internal users from going out on DNS, HTTP, HTTPS, and FTP ports with the exception of the proxy server. If you're using the proxy for other services, also block those at the firewall. You might be saying "I need DNS..." However, your proxy server should do all of the DNS lookups for you.



Finally, remove the forwarders on your Domain controller DNS so that it no longer looks up Internet addresses. It will only resolve internal IPs.



Clients will not be able to change their proxy settings (but will be able to use anonymous proxy servers on the Internet through your FreeProxy server. You'll have to block that with a web content filter).



FreeProxy doesn't support LDAP, so you cannot limit your logged on users in any way that I'm aware of. That's why I mentioned considering a different proxy server (that supports LDAP).



As Antirion said, you can use GPOs to restrict your streaming media and all of the rest. You could also block using the filters to specific IP Addresses or URLs in FreeProxy, but you can easily get around that by using an anonymous proxy. A content filter works well or the GPO setting also works pretty well. However, people always think of new ways to get through firewalls. For example, the other day, I discovered Meebo.com. It's a site that does all of the major messengers via an HTML page... There's a constant battle going on to block access and get around those blocks.



Best of luck and enjoy,

WG
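
One way to check the firewall policy this answer builds toward, as an added example (not part of the original answer or of FreeProxy): a first-match audit of an exported rule list that reports any host other than the proxy that can still go out on DNS, HTTP, HTTPS or FTP. The rule format, IP addresses and function names are assumptions made for illustration.

```python
import ipaddress

# Ports the answer says only the proxy may use outbound (protocol ignored for brevity).
RESTRICTED_PORTS = {21: "FTP", 53: "DNS", 80: "HTTP", 443: "HTTPS"}

def first_match(rules, src, port):
    """Return the action of the first rule matching src/port; default deny."""
    addr = ipaddress.ip_address(src)
    for action, network, ports in rules:
        in_net = addr in ipaddress.ip_network(network)
        if in_net and (ports == "any" or port in ports):
            return action
    return "deny"

def audit_egress(rules, proxy_ip, sample_hosts):
    """List violations of 'only the proxy goes out on the restricted ports'."""
    findings = []
    for port, name in RESTRICTED_PORTS.items():
        if first_match(rules, proxy_ip, port) != "allow":
            findings.append(f"proxy {proxy_ip} blocked on {name}/{port}")
        for host in sample_hosts:
            if host != proxy_ip and first_match(rules, host, port) == "allow":
                findings.append(f"{host} can bypass proxy on {name}/{port}")
    return findings

# Constructed sample data (hypothetical addresses, not from the page).
PROXY = "192.168.1.10"
HOSTS = ["192.168.1.10", "192.168.1.50", "192.168.1.2"]  # proxy, XP client, DC

# Interim state from the answer: the LAN may still use HTTP/HTTPS/FTP directly.
INTERIM = [
    ("allow", "192.168.1.10/32", "any"),
    ("allow", "192.168.1.0/24", {21, 80, 443}),
    ("deny", "0.0.0.0/0", "any"),
]
# Final state: only the proxy leaves on those ports.
FINAL = [
    ("allow", "192.168.1.10/32", {21, 53, 80, 443}),
    ("deny", "0.0.0.0/0", "any"),
]

if __name__ == "__main__":
    for label, rules in (("interim", INTERIM), ("final", FINAL)):
        print(label, audit_egress(rules, PROXY, HOSTS) or "OK")
```
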
antirion
2007-05-15 15:14:57 UTC
Personally, I'd toss the idea of using a proxy server. Put two NICs in your server; one to the internet, the other to your intranet. That would force everyone to go through the server to get to the web, without configuring a proxy. ISA's complex to set up, but it works like a dream when you do it right.



Then, use group policy for everything else (internet access, streaming media (through software restriction policies), etc.).



The sweetness of group policy is that you can attach it to an OU and tweak it to your heart's content; modifying/restricting/controlling whatever you want. Then, as users' rights change, it's just a matter of throwing them into a different OU.
nichols
2016-11-04 17:11:59 UTC
Freeproxy Internet Suite
2016-03-19 09:30:40 UTC
You clearly have a physical connection there. I would say try and re-add them to the domain first, and then verify the DNS entries, which I would hope are static. Other than that, I'd verify the routing, i.e. does half the room physically connect on a different switch than the first half? Are there damaged cables causing packet loss? Sorry I can't be more help; that's a bit of a pickle without being able to do hands-on.
2014-11-01 21:50:16 UTC
Very confusing aspect. Look over Yahoo and Bing. It could help!


This content was originally posted on Y! Answers, a Q&A website that shut down in 2021.