user4fun is right on the first part..
To answer your question, it depends on how your network is set up.
I am assuming that you have all the PCs in the same IP range, and you likely have a modem/router with a few switches connected to it.
If your network admin has manually issued IP addresses to all the PCs in the network and they do not aquire their addresses via DHCP you can:
1. Remove the DNS server addresses from the network settings.
2. Create internet access rules on the router that will deny access to these PCs.
If their addresses are aquired by DHCP it is a defferent story. You will have to reserve the addresses issued to these PCs (if possible) and deny them access by creating internet access rules on the router that will deny access to these PCs.
I won't even go into creating vlans on your network, apparently the setup is low level and that would only cause you more problems...