Use a proxy - I'd say Squid is the best free one around. On the gateway, block everything except HTTP traffic and within Squid config, you can block whichever file types you like. You'll also have to then configure the proxy into your standard image.
Quick walkthrough on Squid content filtering http://www.cyberciti.biz/faq/squid-content-filter-block-files/
You'll need someone that is semi unix/linux competent to set this up. (edit: sorry, seems like you can run it on windows now too... *cringe*)