General discussion

Non Admin account settings

Jul 22, 2007 2:33AM PDT

I have a Windows XP SP2 machine with 1 GB of RAM, 75 GB of HDD and a P4 2.4 GHz CPU. I want to restrict access to my machine when logged in as a non-admin account (user account). For that I use group policy to apply different settings such as: disabling Run, disabling access to the Control Panel, disabling access to the Advanced tab in IE. But the glitch is that when I use group policy to apply such settings, the settings apply to all users including the admin account, BUT I want to apply these settings only to the non-admin account. How is this possible? PLEASE HELP. Are there fixes or patches out there which can help, or is there any other way around to thrash the problem?

Just so you know.
Jul 22, 2007 2:50AM PDT

Such attempts are usually futile. I've demo'd how to get around such in mere minutes with a Linux boot USB or CD device and information from http://www.petri.co.il/forgot_administrator_password.htm

Having watched people spend months locking down a machine only to see me walk right past it in minutes, they learn a quick lesson about security.

I don't suggest giving much time to this area but go ahead and hand out a limited account.

Bob

RE: Well tell me....
Jul 22, 2007 3:09AM PDT

Well Proffitt, I don't know whether the procedure to solve my prob exists or not. But buddy, imagine a situation in which Windows XP Pro is running in a corporate environment and, besides setting up firewall and network security settings, the IT honchos of the company also want to restrict access for all the employees who are not administrators to the user level, and they have specific requirements for restricting access (like disabling the Run button etc., which obviously is possible through group policy).

Now the question I want to ask you is: did the Microsoft geeks who developed this Windows XP OS forget to give such flexibility in making Windows XP secure? I don't think they hadn't imagined a situation like the one I am roughly describing, and there must be some way out of this problem.

And now, since you have alternatively solved the problem, kindly send me the details so that I can also test it out.

Group policy and corp environment means....
Jul 22, 2007 3:23AM PDT

We have some Active Directory server in the brew which I don't have access to. In this case the security is much better.

I take it you don't have a server so my answer to this question:

"Now the question I want to ask you is: did the Microsoft geeks who developed this Windows XP OS forget to give such flexibility in making Windows XP secure? I don't think they hadn't imagined a situation like the one I am roughly describing, and there must be some way out of this problem."

The answer is it's not secure without the noted server. I've proven this too many times and supplied enough information for you to prove it to yourself.

You are now equipped to test it out.

Bob

Well...
Jul 22, 2007 3:49AM PDT

Like Bob said, you're going to need something like Active Directory to do what you want.

You need to understand that Windows is designed with security being a very distant second to usability. Microsoft's corporate culture is still stuck in the pre-Internet era, when every computer system was pretty much an island unto itself. This is how they still design their operating systems. The whole "Internet revolution" Bill Gates is credited with creating inside Microsoft amounts to little more than tacking on a few Internet related features, such as bundling a web browser with the OS.

As a company, Microsoft still doesn't "get" security. Some departments do, to their credit, and they come up with expensive little add-on packages like Active Directory to help address some of these problems.

IMO there are better ways of going about things. I know the IT mantra is to give users only the access they need to do their jobs, but sometimes that isn't possible, so other options are needed. For example, just make it clear that the IT staff can do random inspections of a system at any time if they have cause, and that this can be done remotely without the user's knowledge. And that if a user seems to have a disproportionately high number of problems, which are clearly user caused, that some sort of penalty may be imposed. It's up to your company to decide on an appropriate penalty... From being required to take some kind of basic computer course at their own expense, or not being eligible for things like a Casual Friday or telecommuting for some period of time... Something to try and curb repeat offenders' behavior.

I'd also go around to every desktop system and remove all obvious links to IE, and replace them with either Mozilla Firefox or Opera links, making either one the company default browser. So if someone goes out of their way to use IE, and then the IT staff gets called out frequently for malware related issues, that would qualify as user initiated errors that would make them eligible for some sort of punishment.

You should also remember to reward the good behavior... You could just print off simple paper certificate awards for people who haven't called the IT people for help in some number of days, and maybe have a small ceremony once a month honoring some randomly chosen member of the problem-free pool. Give them some small trinket reward, like a gift certificate for a nice restaurant or something. It doesn't have to be much, just some simple recognition of the desired behavior is all that's required.

With a little luck, people will tend to police themselves, rather than you having to do it all. The rewards issued will likely cost the company far less than the costs associated with fixing the problem, and it's a nice little morale booster. It makes people feel like their efforts aren't going unnoticed.