OK, first of all, for separation of the network, you will need to set up a few VLANs. This is normally best on a firewall, although a router can control ACLs also, just not to the packet level. However, since you mentioned other businesses utilizing the same T1, a firewall will be your best bet.
As for your domain or workgroup, it depends on how you have your business set up. A domain may be advisable so you can have all your data backed up to a centralized server.
Now, monitoring computer use: this can get hairy real quick. First of all, from the legal side, your employees will have to acknowledge that you could monitor, and even then you have some issues also. You should consult your legal adviser (knowledgeable with computer use and internet usage laws) to make sure you don't screw yourself in the long run. I'll say this once: you just can't track everything an employee does on the computer because they are your employee. Doing so could open you up to fines and legal repercussions your employee could take against you.
The best thing you should do is bring in some professionals to set up your network and domain. If you grow in size, maybe hire on some dedicated IT staff. As a side note, if you are just wanting to make sure your employees cannot go to certain websites, you will just need a web content filtering appliance. These used to be separate devices (http://www.bluecoat.com/products/webfilter is one example). Now many UTMs (Next Generation Firewalls) have this as a service (http://www.juniper.net/us/en/product...g-series/ssg5/ is an example UTM). Regardless, bring in some experienced professionals, even if just on a consulting level, to get you set up properly.