I do not know if this will work for you but currently we installed a program called DNS crypt and setup all the computers to use the Loopback address for DNS lookup which uses open DNS, we then are able to do alot of the filtering there.The user has to have the program on and running otherwise they will not be able to acess the internet, which in turn means they cannot at the time bypass open DNS filtering. If a user does perhaps bypass the filters we also use a program called netspypro which we configured to log all browsing history and have configures it to take a screen shot when a user visits a specific page like youtube or facebook. With that program you can view it as it happens real time and log in and do alot of other things. When I worked for apple there is another program we used to monitor employees similar except you could see all the employees screen at the same time so we setup a few monitors just for that.