If you're really set on using technology to stop the Internet access, you may be able to block the computer's MAC address, either by explicitly forbidding traffic from that MAC address or by creating a list of acceptable MAC addresses for each of the other clients on your network. Of course, there's nothing to stop the employee from changing their MAC address, so it's hardly foolproof. Other than that, you could setup a proxy server that requires authentication, and give authentication credentials to the other users on your network. If you had the ability to control the software configuration on the employees computer, I would suggest using Group Policy Objects to restrict the employee from running Internet applications, and to remove the employees privileges to change the IP configuration—but it doesn't sound like you can control the software on the computer.
This was first published in February 2004