Block users from Social networking websites while firewall is down

Solution 1:

Buy a 3G USB dongle thing - put it in a safe, give it to a user when they need to update the blocked content, take it from them when they're done.

Ghetto yes, but simple.

Solution 2:

So your company maintains a current Facebook page, yet prevents your users from accessing it? Bizarre. If your AUP discourages access to non-work (although "non-work" is debatable considering you have a FB page) sites during outage periods you could just collect the traffic logs. Provide management the list of users violating the AUP during the outages. A brief, personal, talk from HR/Management goes a long way.

Maintaining a host file for lots of users is painful. If you provide DNS for your clients you can easily blackhole anything you want. Proxies would still be an issue but I'm assuming your AUP would already address the use of them.

Solution 3:

Sounds like a terrible jury rig. Firewalls are designed to block certain machines, and let certain others through. Just give your managers static IPs, and allow access from those IPs, and your problem is solved. Sonicwall has a CFS exclusion list for this exact purpose.

Of course, your managers are probably also going to use Facebook, once they have free access, but that's life. You'd be better off allowing everyone and monitoring their usage. If it gets to be a problem, fire them. Blocking policies aren't much of a solution, and they tend to make people bitter.