I manage a network with 25 servers and approximately 50 internal clients. Many of my client machines are used by contractors. I would like to secure many areas of my network from different groups of users, restrict things like ftp and certain URL access, as well as have these clients use a PAT address rather than using one of my NAT addresses.
I am considering creating a subnet. Is this the best alternative to achieve the above goals. Should or could I simply use group policies to achieve the same goals. What are the pro's and con's to my alternatives?