Sara:
You seem to want a plug and play solution, this is "free" (as in no licensing cost) because there is no real support. The level of support you're asking for is the reason that companies like Barracuda charge so much for their Web Filter product. So if you don't get the needed level of support, remember that Jinhee is developing this for free...if he helps you, that's great, and nice of him. However, based on what you're asking and how you're asking, you may need something like the Barracuda Web Filter product. THEY will give you spoon-fed instructions because you're paying them to.
That said, you do need to run this on a dedicated system OR a dedicated IP address.
I have mine setup in my office on a single server (approx. 20 users, NX Filter running on a member server, non-domain controller, not running WEB SERVICES / IIS and not running DNS). I setup NX Filter to run as a service (I had to install JAVA on the server), and I configured it to import my Active Directory DNS zone and synching every hour so that it has a record of all Active Directory objects. I also had it import all users in Active Directory by specifying the Active Directory DNS server IP, giving it an admin user credentials to bind to LDAP and import Active Directory users / groups. To do this, I specified the TOP of my Active Directory tree rather than importing just a single OU (although you CAN go that route if you like). I did this by specifying the LDAP / Active Directory tree context as: "dc=domain-name,dc=domain-suffix". So if your Active Directory domain name is "mycompany.local" then I specified "dc=mycompany,dc=local".
I left the default policy in place and set it to LOGGING ONLY so it's not blocking, just logging everything (for now) and added one additional user for un-authenticated users. I named the user "IPUser" and set the subnet to the local subnet of the office where NXFilter is installed. To do this, add the user named "IPUser" without quotes under "config --> user". After adding, EDIT the user and add your local SUBNET range (i.e. 192.168.1.1-192.168.1.254). This will prevent people from having to SIGN IN to the NXFILTER system in order to browse / be logged.
Additionally, for the Active Directory to track by userid, I added the NXLOGON.EXE with the IP address of the server running NXFilter specified in the user's login scripts (i.e. copy NXLOGON.EXE from the NXFilter folders to Netlogon share and add a line to login scripts of: \\servername\netlogon\nxlogon.exe 192.168.1.15).
The last thing that I did was update the DHCP scope for PC's on the network so that they were getting a DNS address of the server running NXFilter. The result of my installation is a silent monitoring of all sites that everyone goes to with a full report able to be pulled for 60 days I think...this length is configurable. In the report, users are identified by PC and by USERNAME because they ran the NXLOGON.EXE process. If users do NOT run the NXLOGON.EXE process, then they show up in the report with their correct IP address and a username listed as "IPUser"
I hope this helps you!