Jay wrote to All at 22:01 22 Sep:

 JF> Now...these people who currently have access (say...5-6
 JF> administrative staff) have complete access to everything.
 JF>  
 JF> We're trying to allow two or three more employees on, but they
 JF> should have access to only the websites they *need* access to...for
 JF> example, the website they file insurance on.
 JF>  
 JF> I've got hostnames and IP addresses for those allowed sites...  
 JF>  
 JF> how do i control access ?

Jay, I saw a response to you about using another product, but no response
directly to this question.

The answer is .. as you may well have figured out by now .. you cannot.

MS Proxy Server does not have the capability to restrict access by user
account. It can restrict by IP network, service, or port. Theoretically you
could create dual subnets on the same physical LAN, but that's a complex
solution and has ramifications beyond Proxy Server. It also requires a
router to be installed on the LAN in order to transport packets between
those two subnets.

Essentially you'd need to install a second MS Proxy Server, and set the
default gateway on the restricted desktops to the alternate proxy server --
but even that's no guarantee that the users will not 'switch' to the
unrestricted proxy server.

What you really need to do this is a full-blown firewall, and there are
dozens to choose from. My personal preference for small networks is the
GnatBox product (http://www.gta.com). For small networks, the product runs
on a diskless P133 with 32MB RAM, and supports a web-based configuration
interface, DHCP, DNS, SMTP Proxy, and a number of other services.

---