I am running into an issue where I need a lot of different security ideas to bring to a client of mine and am hoping someone can help

background: client is a non-for-profit organization. has a video monitor system to keep watch on ppl through out the compound. There is a PC in a central monitoring system that has been having various users accessing the internet and surfing non-work friendly websites. Most of which includes porn and other websites.

Site uses windows 2000 server with AD running, there are roughly 30 computers that connect and authenticate to this server. a couple of which are dummy terminals.

Problem: The computer that ppl are connecting to when I showed up on site doesnt NOT need internet access only intranet access to remotely connect to a local camera system. When I arrived onsite computer would login using
login: administrator with no password.

I joined it to the domain and gave the folder that controls the program for the camera system full control so that it can read and write to itself. Then set a local

Solution:
I am looking for one of multiple solutions or ideas as to what you think would be best:

Should I create a GPO for just that PC that states it is not allowed to connect to the internet?

Is there a way to make the PC startup, login automatically, open just that program in a console mode which I could lock and make it so noone without a password would be able to exit it?

Can I add it to a dumb terminal and block internet access?

Any other ideas?


On a side note does anyone know of a program similar to websense that would be either really cheap or free to implement to filter out websites?