Group Policies Not Letting Me Edit IE9 Security Settings

Group Policies Not Letting Me Edit IE9 Security Settings

This problem has reared its ugly head more than once during the last few years.  A user complains that some feature on a  web site does not work properly for them.  For example an active-x script will not run or a flash plugin does not function.  So I go to set the security settings in IE but they are all greyed-out even for the Administrator.  You can’t customize the security zones in IE or add to the trusted sites list for any-one site
This usually happens after the users bring their laptop somewhere where it is added to the local domain and policies pushed to it etc.  As well intentioned as these policies are, they are a pain-in-the ass and cause more grief than they are worth for me.  The problem is that it is not readily evident which Policies need to be disabled/adjusted to fix this.  I usually recommend that these users stick to FireFox where possible.   

After many Google searches  on the topic and following recommendations describing which registry keys to edit and what policies to disable etc I finally stumbled on an answer that worked without fail.

Ref:
https://experts.missouristate.edu/display/csvhelpdesk/Trusted+Sites+in+Internet+Explorer+not+editable

Edit/disable these policies and you and your users can control IE as needed:

Local Computer Policy\Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\

Security Zones Do not allow users to change policies
(Prevent your users from editing security zone settings. When enabled the Custom Level button and the security-level slider greyed out “)

Security Zones Do not allow users to add delete sites
(What it says)

Security Zones use only machine settings
(Determines whether Security Zones are controlled on a per user basis or or at the local machine level)

And the most important:

Local Computer Policy\Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security Page\

site to zone assignment list
(This policy allow admins to use a GPO to populate the sites in the different IE security zones but when enabled in IE7+ it prevents users from editing the sites list)