Im not getting a clear picture of your request.
Do you hav a router in your setup?
Is your win server acting as a default gateway?
Do you have a firewall in your network?
Bt based on the infor you gave, l guess your Win Server will be acting as a server, firewall, and default gateway(router).
If thats what you are having in mind trying not to splash more cash on hardware, that route will eventually cost you more both in time spent maintaining the server and being forced to buy relevant hardware at a unplanned time.
Servers are meant to server, you can filter what it saves to clients bt asking it to do a job meant for firewalls is too much. Besides, it becomes an open target, depending on the sensitivity of files it caries. It might end up saving viruses into your network and become a nest for all evil deeds.
My advice is to have a dedicated firewall where you are going to create all the filtering rules. Then all your clients can have the address of the firewall as default gateway where rules are gona applied depending with client.
If your server is serving both public as well, l would suggest you create a dmz. This will allow outside clients to access the server, bt get blocked when they try to go into your network. For this, you will need either a second firewall or a router where you can put access list.
Also make sure your server does not initiate any connection request to your internal network as this can be used by hackers to evade firewalls and use the server as a stepping stone to attack your private network.
If you can not afford a firewall but you have old PCs not in use, you can convert them into a firewall by install a free linux firewall OS, here is a link to choose from;