You do not want to put this under the Global Block rule set. Leave the Global Block for blocking web sites or user IP's.
Instead, you want to have a rule that authenticates ANYONE trying to get to the internet. If they do not have a domain account, they cannot get to the internet. Use the rule Authenticate and Authorize. Make sure it is before your URL Filtering ruleset. This will make any request to a HTTP or HTTPS site have to be authenticated. If not, the connection just gets dropped.
I asume you are using NTLM Authentication and your Gateway is joined to the Domain.