I would configure and define user groups and then restrict them using the registry as shown in the methods below

http://articles.techrepublic.com.com...1-5193303.html
http://www.pctools.com/guides/registry/detail/969/

You can also block website by configuring the hosts file such as the method shown below and then restrict any modification by users other than the Admin

http://www.mvps.org/winhelp2002/hosts.htm

for example an entry in the hosts file such as 127.0.0.1 passionford.com would block access to passionford

Using any application to restrict another application is pointless as it clearly shows what you have to attack to work around it