We have group policy setup at our company something similar to the setup below
Domain Policy
OU Policy
The domain policy is set to enabled for "Do not allow users to enable or disable add-ons" under "Computer Configuration\Administrative Templates\Windows Components\Internet Explorer". Now that settings also refers to a "Add-On list" which is an exception list, I believe located "Internet Explorer\Security Features\Add-on Management". I have configured the exception list for my OU using our OU policy, it includes the CSLID for adobe flash and real player (the add-ons arn't really important I'm just naming those two for simplicity) and I've set it to a value of 2 (allow user enabling/disabling of add-ons).
However the problem is that it makes no difference, users still have no control at all over flash and real player.
