I have tried numerous web filtering products like CA Gateway Security Suite, WebSense, ISA Server, Sonicwall Content Filtering. But the best one to date has been Scansafe's Cloud Based Web Filtering. Google & Kaspersky have oem'd with Scansafe and re badged the product as their own web filtering solution.
It is really easy to set up and achieves Active Directory connectivity via a connector based on a machine within the domain.All clients connect to this machine as their proxy server and it then communicates with Scansafe's servers.
It is fairly easy to modify group policy settings , to specify a proxy server and then remove the connections tab. But this only applies to Internet Explorer.
A really easy way of blocking alternative browsers is using Applocker with Windows 7 and Server 2008R2. So using App Locker you can block access to Firefox,Chrome,Safari,Opera etc...
WPAD used to be an easy way to publish the proxy server address via DHCP or DNS prior to a security patch from Microsoft in March 2009.