Firewall with "On/Off" GUI, for internet

Hello all. :)

I've got a job, to find a firewall that has an easy GUI for enabling and disabling the internet connection for the users. This has to support both wired and wireless connections.

What would be the best product?
I've heard something about Cisco firewall, and SonicWALL, that should be able to do the trick, but it's a bit hard to find any information on my exact "issue".

Kind Regards
  1. For all users or a specific user?
  2. The GUI should be accessible from "office PCs" and have the possibility to turn off internet connection for each specific user.

    A little example: Ten users and want to disable four of them.
  3. Server or no server environment?
  4. There is no server.
    This question again. You're basically turning back the clock 20 years to when the Internet was introduced to businesses and want all the benefits of the Internet without any of the issues and think technology would be a solution; it isn't, and it is COSTLY to implement.

    Please listen, this is a MANAGEMENT ISSUE, and potentially a legal issue that can get your company in a load of hot water. You need your management to discuss with HR and Legal on requiring ALL employees to sign a document outlining Company Expectations and Limitation on Company Resources. This is a STANDARD legal form to protect your company, because if you SINGLE OUT people, you open yourself up to lawsuits about racism, sexual preferences (HE gets internet but SHE doesn't), etc. So you hold an ALL HANDS meeting, you explain exactly what the document states, which basically HR and Legal should have, it is common sense stuff: can't call 1900Porn lines on company phones, can't take home office furniture for personal use, can't use the copier to print up racist fliers, etc. etc. etc. This would also include what Internet usage is and isn't allowed on the computer. EVERYONE is required to sign, anyone refusing to, you politely say, we are sorry you no longer wish to work here but this is a requirement for employment and we are sorry to see you leave. THIS MEANS ANYONE, so you aren't biased in any way.

    Now as for the technology side, this is what an IT Department is for, which includes many other things that a Business Systems Analyst would provide in a complete assessment, especially RISK ASSESSMENT (again Business 101). First and foremost you need to be on a DOMAIN STRUCTURE. A Domain is a way to control and grant access to networked resources through a secure validation system. In a Domain structure, the account logged in can be monitored (which is needed for both HR and Legal if you're trying to stop someone from improper usage of the internet, to justify before the judge that you had good reason to fire someone looking up Child Porn on the company computer and that it was that person, not someone else sitting at the same computer as they assert). This also assists to keep, say, Bob the Intern from seeing that Alice the CFO is increasing Jamie's paycheck just because Bob was looking through all the files on the computer one day, bored.

    All users have now signed a document legally binding them, you have a domain to control how / when and what they can access on the network, now you want to work on filtering and security; this is what SonicWall or Cisco built-in FW can accomplish with PROXY settings. Everyone can't get Internet Access, they access the FW which in turn validates the web address and potentially the content of that page through a service that keeps track of these sites (they change by the hour in many cases). So people don't type in BIG FAT HOOTER WHORES and then sit there laughing at large topless women on your Company computers (everyone together: BIG FAT SEXUAL HARASSMENT LAWSUIT against you personally, each member of management AND then the company). This ties into the normal Active Directory account also (if this is a Windows based Domain) and will link the access authority (HR does need to access about BREAST CANCER COVERAGE for your medical policies, so you can't ban the word BREAST for example) and also provides a paper trail (as mentioned above) to provide a legal basis for disciplinary actions.

    Since you need a Proxy to now get 'out' to the Internet, now you need to set up SCCM so patches can be downloaded by the IT department and pushed from the server to all the computers to patch them for all the security / fixes that MS issues on its products. Same for the Antivirus, you again need to have it centrally managed so you can again push updates and force scans on computers since it can't "automatically" just get the patches on its own.

    And so on and so forth. As you can see this is going to cost your company, but that is the cost of business when talking Medium to Large. For Small Business, they take the 'risk' and just deal with the signed legal document, and keep an oversight (babysitting) on everyone, and deal with it on a case by case basis.
