You should use a Proxy server to limit access. That way you control by group, who has access.
The C&D way to hack it in would be to destroy either his Gateway or DNS entry in his IP properties. Which one, would depend if either are used for internal apps. This whole C&D hack however, is security by ignorance.
_________________________
Give a man a fish and he will be back for more. Slap him with a fish and he will go away forever.
