How do I block my users from accessing all but a few authorized Web sites?

The best solution would be to install a proxy server/firewall software such as MS ISA, KERIO, or WebSense on the server and configure this proxy/Internet filtering software to allow access to specific websites. You will need to point all the clients to use this proxy server for Internet access.

The other option is to create rules in your router configuration. Depending on your router, you can edit the ACL to either deny all outbound internet traffic - port 80, or to allow for specific outbound Internet traffic – port 80. (The sites you need to allow). This needs to be the first rule in the List.

Your other option, if you have fewer users/clients, then you can also configure the Internet explorer's content advisor feature to only allow the specific sites. Once the configuration is done, the administrator can lock down this configuration with a password for restricting further unauthorized changes. But, again this is not a foolproof solution as the users familiar with registry editing can tamper with configuration thereby by-passing the security restriction.

I would suggest you go with the first solution, as it is more secure, reliable and scalable.