When on VPN, the Internet does not get filtered.

When we are in the office, bad sites get blocked by the webfilter in the ASA firewall.  At home on VPN, the websites do not get blocked and our external IP does not show correctly.  It's as if the Internet is coming through the ISP and not the VPN tunnel.  How do I change this?  
At one time someone put a split-tunnel in the firewall to permit Internet traffic on VPN, but maybe they did not do it correctly.


balaji.bandi (Hall of Fame)

If the VPN is configured for split-tunnel, all traffic apart from the internal network goes directly out via the DSL ISP.

If you want all the traffic to pass via your corporate network, then you need to contact the administrator to make it work.

BB

I am the administrator and don't know what to do.  That's why I was replacing servers and editing the ASA.

I am a bit puzzled by this statement "At one time someone put a split-tunnel in the firewall to permit Internet traffic on VPN, but maybe they did not do it correctly." The typical implementation of split tunnel for Remote Access VPN is to have corporate traffic use the VPN and to have Internet traffic use the remote ISP connection and not the VPN. We do not know how your VPN was set up and what kind of split tunnel (if any) is configured. Perhaps you could post a sanitized copy of your ASA configuration and we might be able to give better advice.


HTH

Rick

What if we want Internet traffic to be filtered (people not doing bad things on their work laptop) while users are at home on VPN through their ISP?  What can be done about that?  Is it standard practice to use a split-tunnel?

There is always the possibility of local conditions that are exceptions to the norm, but in general there are 2 approaches to Remote Access VPN:

- tunnel everything. In this approach the ISP connection is used to establish the VPN connection and then all traffic from the laptop is sent through the VPN to corporate, and all Internet traffic is subject to corporate security policies and filtering (nothing is sent from the laptop to the ISP to get to the Internet). This approach does increase the amount of traffic that the corporate firewall must process, and does increase the bandwidth requirement for the corporate Internet connection. But this approach is the most secure and organizations who adopt this approach realize that this increase in resource requirements is just part of the cost of doing business securely.

- split tunnel. In this approach corporate traffic is sent through the VPN to corporate while all other traffic is sent directly to the remote ISP. This approach reduces the demand on corporate Internet resources, but does not protect what the user is doing on the Internet.

If you (and your organization) are concerned about protecting users who are on their laptop at home, it is a pretty clear choice that you should remove any split tunneling that is configured on your firewall and make sure that your Remote Access VPN uses the tunnel everything approach.

HTH

Rick

If I remove the split-tunnel, how do I ensure all traffic is routed through the VPN?

If split tunnel is removed then when the VPN is active there is no way out except the VPN. If you want to be sure about that then probably the best thing would be to do a traceroute to some destination on the Internet. The traceroute should show traffic going to the VPN head end and then being routed to the Internet from there.

HTH

Rick

[attached screenshot: Snap107.jpg]

To turn off split-tunnel do I simply choose "Tunnel all Networks" as shown in the picture?

Yes, I believe that this would do it.

HTH

Rick

What does the "inherit" check box mean?  Do I need to check that?  Does that mean it will tunnel whatever is in the regular ACL list?

The inherit check box means that it would inherit this policy from a higher level policy. I believe that there are several places where you can make selection between split tunnel policy and tunnel all policy. You would need to make sure that none of those places selected the split tunnel option.

HTH

Rick
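For readers who work from the ASA CLI rather than the ASDM screen in the thread, here is the split-tunnel setting beside the tunnel-all setting that Rick describes, as an added example that is not from the original posters; the policy names, the 10.10.0.0/16 corporate prefix and the 10.20.0.0/24 VPN pool are constructed, and the NAT lines assume ASA 8.3+ syntax.

```cisco
! --- Weak: split tunnel. Only the corporate prefix (constructed 10.10.0.0/16)
! --- crosses the VPN; everything else leaves via the home ISP unfiltered.
access-list SPLIT_TUNNEL_ACL standard permit 10.10.0.0 255.255.0.0
group-policy GP_REMOTE_ACCESS internal
group-policy GP_REMOTE_ACCESS attributes
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value SPLIT_TUNNEL_ACL

! --- Corrected: tunnel everything. Internet traffic now enters the ASA through
! --- the VPN and is subject to the same web filter as the office LAN.
group-policy GP_REMOTE_ACCESS attributes
 split-tunnel-policy tunnelall
 no split-tunnel-network-list

! --- The ASDM "Inherit" box means the attribute is taken from the parent policy
! --- (ultimately DfltGrpPolicy). Set the default to tunnel-all too, so no
! --- connection profile can inherit a split-tunnel setting.
group-policy DfltGrpPolicy attributes
 split-tunnel-policy tunnelall

! --- With tunnel-all, Internet traffic arrives on "outside" and must leave
! --- "outside" again. The ASA drops that hairpin unless intra-interface traffic
! --- is permitted and the VPN pool (constructed 10.20.0.0/24) is NATed like
! --- the inside network would be.
same-security-traffic permit intra-interface
object network VPN_POOL
 subnet 10.20.0.0 255.255.255.0
 nat (outside,outside) dynamic interface

! --- Verification: every policy should show tunnelall, and an active session
! --- should appear here while the user's traceroute passes the head end.
show running-config group-policy | include split-tunnel
show vpn-sessiondb anyconnect
```

Once applied, a connected user's public IP as seen by external sites should become the ASA's outside address, which is the symptom the original post was missing.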