Well... Access to your accounting server are regulated with password on that server (I assume).
To regulate access to your local net I would say first passwords for your client machines. If you then want to share stuff between the workstations you set who are allowed to use a specific rescource on the machine that shares it. In 2000 right klick on the catalogue you want to share and choose you use "sharing" (I assume you use NTFS filesystem, if you use FAT32, change to NTFS).
In other words, so far you do not need another machine at all.
Things change if you want a specific fileserver. If you do you can use whatever you want (W2K Server, *BSD, Linux). If you use W2K Server you use it in the same way as you would do on a workstation (use "Sharing") On BSD and Linux you setup a Samba server. Samba use the SMB protocol, which is the one used by Windows. Setting up Samba is a little bit more complicated than a W2K Server, but on the other hand BSD and Linux are very stable, and if you like *nix systems, there is no reason not to use that. Oh, and it's free, where Windows isn't
If you want to stop users from using the internet except for pre-decided sites and functions you could try a proxy of some sort.
I've never had the need to limit users from using the internet for just browsing so I don't have many valuble insights into that. If you mean that you want to limit users from using (for example filesharing) programs and stuff (this I have done) you regulate access to ports and protocols in the firewall and maybe limit users ability to install stuff on their computers.