Prevent / Throttle LAN clients using domain controller as gateway

We're in a remote location in the UK, and as a result, have limited bandwidth. We are using on-router bandwidth throttling to ensure QoS for all users on the network. Our domain controller bypasses this throttling to get priority of service for incoming/outgoing emails and because we deliver traffic directly to it.

A couple of users on our LAN have cottoned onto the idea that if they set their gateway to be the IP of our domain controller, they will benefit from unmetered internet connection, which causes the rest of the office problems.

Now, we've done the obvious thing - inform those users and tell them not to - but one or two remain a problem. I want to find a technical solution to an HR problem, and either prevent those users being able to use the domain controller as a gateway, or heavily throttle them if they choose to.

I'd appreciate any advice you can give, or any ideas you have that you feel might help.

More info:

Windows SBS 2008 & Exchange. ICS is currently not enabled.
The DC is used as the DNS server (and will need to continue in that role, too). LAN clients are a real mix of Windows, Mac, Linux and mobile devices.

It would be possible to just change the gateways on the machines, but especially with the Macs, they can just change it back.

I do acknowledge that the best solution is an HR solution, but it seems that belligerence is outweighing things here, thus the technical solution is what I need.


Turn off routing on the DC. Very simple.
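
One way to check and apply the answer above, as an added example that is not part of the original post. It assumes PowerShell 2.0 or later in an elevated session on the DC, and that Routing and Remote Access is not needed for anything else on that server (for example VPN); the function names are hypothetical.

```powershell
# Added example: audit and disable IP forwarding on a Windows server.
# Assumption: run elevated on the DC; RRAS is not used for VPN or other roles.
$tcpip = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters'

function Get-RoutingState {
    # IPEnableRouter = 1 means the TCP/IP stack forwards packets between interfaces.
    $reg = Get-ItemProperty -Path $tcpip -Name IPEnableRouter -ErrorAction SilentlyContinue
    $forwarding = 0
    if ($reg) { $forwarding = $reg.IPEnableRouter }

    # RemoteAccess = Routing and Remote Access (RRAS); SharedAccess = ICS.
    $svcs = Get-WmiObject Win32_Service -Filter "Name='RemoteAccess' OR Name='SharedAccess'" |
        Select-Object Name, State, StartMode

    New-Object PSObject -Property @{
        IPEnableRouter = $forwarding
        Services       = $svcs
    }
}

function Disable-Routing {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param()

    if ($PSCmdlet.ShouldProcess('Tcpip\Parameters', 'Set IPEnableRouter = 0')) {
        # The registry change applies after the server is restarted.
        Set-ItemProperty -Path $tcpip -Name IPEnableRouter -Value 0 -Type DWord
    }
    if ($PSCmdlet.ShouldProcess('RemoteAccess', 'Stop and disable service')) {
        Stop-Service -Name RemoteAccess -Force -ErrorAction SilentlyContinue
        Set-Service  -Name RemoteAccess -StartupType Disabled
    }
}

# Report the current state, then show what would change without changing it.
$state = Get-RoutingState
"IPEnableRouter = $($state.IPEnableRouter)"
$state.Services | Format-Table -AutoSize
Disable-Routing -WhatIf
```

Run `Disable-Routing` without `-WhatIf` to apply the change. DNS and Exchange on the DC keep working, because only forwarding of other hosts' traffic is turned off.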