
Turning Off Internet but Allow Network Access?


FrostBite
06-17-2009, 02:18 PM
There are a few computers at the back of the manufacturing plant I work at that have some dubious internet activities. While our company blocks websites, I still have workers back there reading news or non-work related functions. I would just remove the ethernet cables, but we have a warehouse management system that keeps track of inventory so they do need network access. Is there a way I could remove all internet functions? The computers run Windows XP, and while I deleted the Internet Explorer icon, they did get around that, but it took them a few weeks (typed it in My Computer), so I don't think they are that computer savvy. Could I uninstall Internet Explorer as a way to block it? Or does anyone know any software running in the background that could do this?

k1pp3r
06-17-2009, 02:25 PM
Set up internet settings to proxy through a nonexistent proxy server and lock the setting out to all users but admins.

FrostBite
06-17-2009, 02:26 PM
So just put in any random IP and it'll just naturally error out?

k1pp3r
06-17-2009, 02:34 PM
Just go into LAN settings under Internet settings and put fake.proxy.com for port 80.

CraftyChicken
06-17-2009, 02:41 PM
If your boxes are on 32-bit XP, I'm guessing they are, try Microsoft SteadyState (http://www.microsoft.com/windows/products/winfamily/sharedaccess/default.mspx). It really locks things down, and you can completely disable Internet Explorer if you so choose.

It's a lot easier than messing around with group policies.

Syndicated_Death
06-17-2009, 02:43 PM
You could also manually input the IP, Subnet, and leave the gateway blank.

nismo_r34
06-17-2009, 02:57 PM
Or create a DHCP reservation for those machines with the router option left out.

CraftyChicken
06-17-2009, 05:42 PM
By cutting DHCP, I think you won't just lose Internet but also Network. Also, by leaving your internet gateway blank you'll lose Windows Updates, Virus updates, or other program updates that connect to the internet, since the computer won't, and don't receive them via a LAN server.

Both of those options seem to be more than what the OP wants.

Berg0
06-17-2009, 05:47 PM
Create a new VLAN and have restrictive ACLs.

Nenu
06-17-2009, 05:48 PM
You could also manually input the IP, Subnet, and leave the gateway blank.

This and lock XP down so network options cannot be changed.
Make sure they don't have Admin access.

YeOldeStonecat
06-17-2009, 06:18 PM
By cutting DHCP, I think you won't just lose Internet but also Network. Also, by leaving your internet gateway blank you'll lose Windows Updates, Virus updates, or other program updates that connect to the internet, since the computer won't, and don't receive them via a LAN server.

Will not lose access to the network, yanking the gateway entry does not make the workstation(s) lose access to the LAN. The gateway only points to the on/off-ramp from one network to another. In this case...first network...LAN...another network...internet.
Since it's a business network..hopefully they have business grade antivirus so it updates from a local management server.
And hopefully since it's a business network they run WSUS, so they'll get Winders updates via the LAN also.
Yanking the gateway, and not making the domain user group a member of the local admin group (thus they cannot fiddle with network settings) is quite effective.

'Course Steady State is a good option too.

jonesitc
06-17-2009, 06:39 PM
What I do is leave the IP settings to DHCP but set a bogus DNS server. As the others said make sure they only have user access and not local admin rights.

marley1
06-17-2009, 07:08 PM
Why would you do bogus DNS? So the machines can't find the LAN server properly?

I have done group policy with the fake proxy, removed gateway, and called it a day.

YeOldeStonecat
06-17-2009, 07:29 PM
What I do is leave the IP settings to DHCP but set a bogus DNS server. As the others said make sure they only have user access and not local admin rights.

That would break active directory from the client end (it will never properly log into the domain), and failure of name resolution of the servers.
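
The difference between the blank-gateway and bogus-DNS suggestions in this thread can be checked with a small model of the workstation's routing and name-resolution decisions. This is an added example, not code from any poster; every address, host name and the `HostConfig` helper are constructed for illustration, and it assumes the internal DNS server also answers for external names.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass
class HostConfig:
    ip: str                 # workstation address
    mask: str               # subnet mask
    gateway: Optional[str]  # None = gateway field left blank
    dns: Optional[str]      # DNS server the workstation queries

# Constructed sample environment (all addresses and names are made up).
LAN_DNS = "192.168.10.5"                        # internal DNS server
RECORDS = {"wms-server": "192.168.10.20",       # warehouse management system
           "news.example.com": "203.0.113.80"}  # stand-in for an Internet site

def route(cfg, dest_ip):
    """Return 'on-link', 'via-gateway' or 'unreachable' for a destination IP."""
    net = ipaddress.ip_network(f"{cfg.ip}/{cfg.mask}", strict=False)
    if ipaddress.ip_address(dest_ip) in net:
        return "on-link"            # same subnet: no gateway needed
    return "via-gateway" if cfg.gateway else "unreachable"

def resolve(cfg, name):
    """Names resolve only if the configured DNS server is the real, reachable one."""
    if cfg.dns != LAN_DNS or route(cfg, cfg.dns) == "unreachable":
        return None
    return RECORDS.get(name)

def can_reach(cfg, name):
    """True when the name resolves and the resulting address is routable."""
    ip = resolve(cfg, name)
    return ip is not None and route(cfg, ip) != "unreachable"

def summary(cfg):
    return {name: can_reach(cfg, name) for name in RECORDS}

normal     = HostConfig("192.168.10.50", "255.255.255.0", "192.168.10.1", LAN_DNS)
no_gateway = HostConfig("192.168.10.50", "255.255.255.0", None, LAN_DNS)
bogus_dns  = HostConfig("192.168.10.50", "255.255.255.0", "192.168.10.1", "192.168.10.250")

if __name__ == "__main__":
    for label, cfg in [("normal", normal), ("no gateway", no_gateway),
                       ("bogus DNS", bogus_dns)]:
        print(f"{label:11}", summary(cfg))
```

In this model the blank gateway keeps the warehouse server reachable and cuts off the external site, while the bogus DNS entry breaks both names even though the routes to both addresses are unchanged.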