Quoting primesuspect

Is it easy though? The bossman is not at all computer saavy

also: isn't that just a blanket policy for the whole org though?

The bossman wants specific computers to have different policies; some all-open, some blocking social networks, some blocking other stuff, etc.

First it's ridiculously easy and even if you are using other means I'd still suggest putting this in place (just the free version) as a catch all filter. Their DNS servers are fast and even their basic ad-filtering and other catchall's work great.

If you want to get more specific policy use then you'd need the deluxe version. I haven't fully delved into it enough to know if you can setup specific per user based policies. But at the very least you create bi-pass passwords so users with that password can get through.

Now depending on how picky your boss is this may not do all that he wants. But depending on how much he's wanting to pay there are sometimes compromises that need to be made.

One thing is you can literally get the free version of OpenDNS up and running in about 15 minutes and nicely configured with a good blanket policy - and tested in about 60 minutes and that requires no hardware or software investment.

1) Sign up for an account
2) Point your last step external DNS pointers to use OpenDNS.
2a) If you have a static IP just create the network
2b) If you have a dynamic IP you have to install some software so that OpenDNS gets updated to know which network you are coming from.
3) Start turning on some rules
4) start testing on various computers.

It's that easy.