I work in an environment where we have public access to our information. This information can be viewed and researched any time for free. However paper and digital copies of the information to be taken away must be paid for. Recently the honor system seems to have fallen down as some researchers have been emailing themselves gigabytes of data from our research computers.
Time to restrict access.
Points to note: I don't control the DNS; the OU that these computers reside in is the ONLY one that should be restricted; there are legitimate reasons to be accessing the internet from our research computers, so we just want to block access to web mail; the solution needs to work for both IE and Firefox, on a mixture of Vista and Win 7 computers.
So far in my research, the hosts file seems to be the 'best' solution, but it's clunky, inflexible and wont accept wild cards.