Setting User Permissions on Windows XP Pro.

start > run > gpedit.msc

from there you'll find something under  user configuration / Administrative Template

lots of goodies under there.

it's not as easy on a standalone computer as apposed to a domain client, but the idea is the same.

i'm guessing you didn't find what you were looking for in the control panel > edit user > account permissions?

moreover, it is free.

the best practice is physical security however - if there's no physical path to the internet (except when you're on it) then there's no way to access it...

Last week i found a video on YouTube for something i was trying to do in an unfamiliar OS when the tutorial that worked perfectly was narrated by a 5 year old (at least it sounded convincing that he was only 5)

kids grow up with technology surrounding them and will find a way around anything with time.

was reading about windows steady state will test it out tomorrow. I just hope it can do this for user profiles on local system rather then setting permissions for remote user access.

Steadystate is good application, you can try that,

for GP

https://www.experts-exchange.com/questions/23588830/Block-internet-access-for-one-user-on-a-computer.html

Bit defender is a cool tool that allows you to allow and disallow users certain access, including parental control

http://www.bitdefender.com/2011/row/2in1security/?sem_region=ZA&utm_source=Google&utm_campaign=ZA_BitDefender&sem_type=search&sem_placement=&utm_content=6570904638&utm_term=BitDefender%20antivirus

A simple password protected blocking tool is Winguard Pro. Install it and set a password only you know. The free version will allow the control you want without getting into the registry etc... If your children need to pull something down from the internet on their account you can enter the password to allow that connection while your present.

I would think that two issues are involved.  
First, you need to setup a user account in Control Panel for each kid.  They should be Standard Users - NOT Administrators.  This prevents either one from installing programs.  Of course, your account should be password protected.  Their accounts do not need to require a password.
Secondly, you can use a program as suggested above or consider locking down the network by:
A.  Using the OpenDNS program or their Family Shield product http://www.opendns.com/familyshield to enable the internet, but block bad web pages.
B.  Use Window Live Family Safety with restricts access by user name (now established in the first step) to time of day and web content with reporting available for the parent!   This is in Windows Live Essentials  http://explore.live.com/windows-live-family-safety?os=other  which can offer the kids free email and more.   (Restricting sign on times can be 24 hours - no logon)