Read what you can do with restrictions at http://www.microsoft.com/windows2000/techinfo/reskit/en-us/default.asp?url=/windows2000/techinfo/reskit/en-us/regentry/93231.asp
I have a user on the network that usually goes to potentially malicious websites on the Internet.
Talking to him wouldn't help, so I took some drastic measures and disabled ActiveX completely.
Only recently I've found out that he went back to the security settings and changed them back to the default, re-enabling ActiveX controls.
How would I prevent him from touching any of IE's settings?