Restricting Internet Access in Windows 7

On a Windows 7 Professional laptop, not on a domain, what's the best way to restrict access to the internet (and preferably network) to Administrator users only?

I don't want to simply set a bogus network address, or proxy. That seems far too dirty somehow.


Solution 1:

802.1 and/or NAC/NAP, if your switches and/or servers support it. By default, the laptop would only be in a subnet with no gateway. Then, if certain users can present creds to the auth system, they could be put in a non-quarantined network.

I realize that this isn't "local policy" as such, but it'll work and it's even enterprise-y (centrally managed, fine-grained, etc).

Solution 2:

I think that your 2nd paragraph is the only way since only admins can change IPs and enable/disable NICs... Just disable all the NICs.