Before I describe my problem, some background:
I have setup a network for a small non-profit organisation. The clients, a SBS2003 server and an integrated ADSL modem/router are all connected back to a 16 port hub. Currently, as soon as I plug in a computer, NAT kicks in and the Internet is connected. Due to the non-profit nature of the organisation money is not plentiful.
I want to connect one of the clients (a Windows XP Pro computer) to the network so that it can join the domain and access files from the server; however, because the client computer is in a public area, I want to stop it accessing the Internet.
I need to prevent Internet access with minimum cost, but also maximum security. Some of the people who will have access to the files from the XP computer are very computer literate and not very trustworthy.
Any suggestions? I am interested in both hardware and software solutions, but as already mentioned, costs must be small or the solution will not be workable.