I (we) wrote some custom policy templates for this. You can either use these templates with GPO's ... or use the Kixtart WriteValue registry function to poke them directly ... here's the template for the USER INTRANET zone. To poke the INTERNET zone, just change the key as detailed below. If you need assistance using WriteValue, don't hesitate to ask.
Intranet
KEYNAME "Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1"
Internet
KEYNAME "Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3"
Code:
CATEGORY "Internet Explorer"
CATEGORY "Zone Settings"
CATEGORY "Intranet Zone"
KEYNAME "Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1"
POLICY "Run components not signed with Authenticode"
VALUENAME "2004"
VALUEOFF NUMERIC 3
VALUEON NUMERIC 0
END POLICY
POLICY "Run components signed with Authenticode"
VALUENAME "2001"
VALUEOFF NUMERIC 3
VALUEON NUMERIC 0
END POLICY
POLICY "Download signed ActiveX controls"
VALUENAME "1001"
VALUEOFF NUMERIC 3
VALUEON NUMERIC 0
END POLICY
POLICY "Download unsigned ActiveX controls"
VALUENAME "1004"
VALUEOFF NUMERIC 3
VALUEON NUMERIC 0
END POLICY
POLICY "Initialize and script ActiveX controls not marked as safe"
VALUENAME "1201"
VALUEOFF NUMERIC 3
VALUEON NUMERIC 0
END POLICY
POLICY "Run ActiveX controls and plugins"
VALUENAME "1200"
VALUEOFF NUMERIC 3
VALUEON NUMERIC 0
END POLICY
POLICY "Script ActiveX controls marked safe for scripting"
VALUENAME "1405"
VALUEOFF NUMERIC 3
VALUEON NUMERIC 0
END POLICY
POLICY "File download"
VALUENAME "1803"
VALUEOFF NUMERIC 3
VALUEON NUMERIC 0
END POLICY
POLICY "Font download"
VALUENAME "1604"
VALUEOFF NUMERIC 3
VALUEON NUMERIC 0
END POLICY
POLICY "Microsoft VM Java permissions"
PART "Java permissions" DROPDOWNLIST
VALUENAME "1C00"
ITEMLIST
NAME "Medium safety" VALUE NUMERIC 131072
NAME "Low safety" VALUE NUMERIC 196608
NAME "High safety" VALUE NUMERIC 65536
NAME "Disable Java" VALUE NUMERIC 0
; NAME "Custom" VALUE NUMERIC 8388608
END ITEMLIST
END PART
END POLICY
POLICY "Access data sources across domains"
VALUENAME "1406"
VALUEOFF NUMERIC 3
VALUEON NUMERIC 0
END POLICY
POLICY "Allow META REFRESH"
VALUENAME "1608"
VALUEOFF NUMERIC 3
VALUEON NUMERIC 0
END POLICY
POLICY "Display mixed content"
VALUENAME "1609"
VALUEOFF NUMERIC 3
VALUEON NUMERIC 0
END POLICY
POLICY "Don't prompt for client certificate selection when no certificate exists"
VALUENAME "1A04"
VALUEOFF NUMERIC 3
VALUEON NUMERIC 0
END POLICY
POLICY "Drag and drop or copy and paste files"
VALUENAME "1802"
VALUEOFF NUMERIC 3
VALUEON NUMERIC 0
END POLICY
POLICY "Installation of desktop items"
VALUENAME "1800"
VALUEOFF NUMERIC 3
VALUEON NUMERIC 0
END POLICY
POLICY "Launching applications and files in an IFRAME"
VALUENAME "1804"
VALUEOFF NUMERIC 3
VALUEON NUMERIC 0
END POLICY
POLICY "Navigate sub-frames accross different domains"
VALUENAME "1607"
VALUEOFF NUMERIC 3
VALUEON NUMERIC 0
END POLICY
POLICY "Software channel permissions"
PART "Channel permissions" DROPDOWNLIST
VALUENAME "1E05"
ITEMLIST
NAME "Medium safety" VALUE NUMERIC 131072
NAME "Low safety" VALUE NUMERIC 196608
NAME "High safety" VALUE NUMERIC 65536
END ITEMLIST
END PART
END POLICY
POLICY "Submit non-encrypted form data"
VALUENAME "1601"
VALUEOFF NUMERIC 3
VALUEON NUMERIC 0
END POLICY
POLICY "Userdata persistence"
VALUENAME "1606"
VALUEOFF NUMERIC 3
VALUEON NUMERIC 0
END POLICY
POLICY "Active scripting"
VALUENAME "1400"
VALUEOFF NUMERIC 3
VALUEON NUMERIC 0
END POLICY
POLICY "Allow paste operations via script"
VALUENAME "1407"
VALUEOFF NUMERIC 3
VALUEON NUMERIC 0
END POLICY
POLICY "Scripting of Java applets"
VALUENAME "1402"
VALUEOFF NUMERIC 3
VALUEON NUMERIC 0
END POLICY
POLICY "User Authentication"
PART "Security setting" DROPDOWNLIST
VALUENAME "1A00"
ITEMLIST
NAME "Automatic logon with current Username and Password" VALUE NUMERIC 0
NAME "Automatic logon only in Intranet Zone" VALUE NUMERIC 131072
NAME "Prompt for Username and Password" VALUE NUMERIC 65536
NAME "Anonymous logon" VALUE NUMERIC 196608
END ITEMLIST
END PART
END POLICY
END CATEGORY ; Intranet Zone
