I don't have much experience in this field, but my gut feeling tells me that it requires 3 things:
- a firewall blocking all outbound traffic destined for port 80 (that means NO BROWSING) except coming from the proxy:
- a proxy that forwards all traffic to the firewall if it meets your criteria
- all browsers would need to be configured to use the proxy.
The criteria would need to be something along the lines of:
- if the source is PC_CEO then allow
- if the source is PC_MAgpie0001 then allow
- if the destination is ( insert list of allowed sites here) then allow
- else: block (or redirect to a page with a useful message).
As I said, I've got no experience in building such a setup, but having worked with (under?) several, I assume that this is how it works.
PC ---> Proxy (is allowed?) yes-----> remote website
EDIT: I'm real interested in knowing how to build such a setup myself, so keep us posted!
As a side note: as a user I despise such setups, but as an administrator I'd love one
I'd like to think I'd be judged on my productivity, regardless of what I'm actually doing with my time.