Disabling Internet and using CD Rom Drive

I have some computers(5) on our network that need to be connected to the internet for e-mail and print connectivity. I need to restrict use of Internet Explorer and using the CD/DVD Drive on these computers, so they do not become movie machines or internet surfing machines. The only reason why these computers need to be connected is for e-mail and print capability to our network printers. Aside from bothering higher to place restrictions on AD, what can I do to the local security settings to ensure they can only check e-mail and print. Thanks in advance.
WilliamK99Asked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

jvuzCommented:
If the really don't need the cd-rom drive, you could disconnect it in the box itself, and of course lock the box, so they can't reconnect it. For an other solution, it depends, are the pc's in a domain or workgroup?
WilliamK99Author Commented:
the computers are in the domain. I was curious if there was a local setting or something I could do.
jvuzCommented:
You can use group policies

Disabling IE
http://pcsupport.about.com/od/quicktips/qt/disableie.htm

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Fundamentals of JavaScript

Learn the fundamentals of the popular programming language JavaScript so that you can explore the realm of web development.

r-kCommented:
You can use IE URL Lock to restrict what domains Internet Explorer can connect to:

 http://ieurllock.sourceforge.net/
Rich RumbleSecurity SamuraiCommented:
Users of these machines should be placed in restricted groups, like the Users group, rather than the default admin group, you can bypass AD settings if your in the admin group, and or install software like an alternate browser that ignores AD's restrictions, hosts files or proxy settings.
http://www.sysinternals.com/blog/2005/04/circumventing-group-policy-settings.html
http://www.sysinternals.com/blog/2005/12/circumventing-group-policy-as-limited.html 
-rich
WilliamK99Author Commented:
Thanks for your help, we were able to institute group policies, not the fix I wanted, but it did what I needed it to do.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
OS Security

From novice to tech pro — start learning today.