How can I manage Internet Explorer Security Zones via the registry?

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings

AND

HKEY_Local_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings

The values that are located in both keys are additive. If a Web site is added to both keys, only the HKCU sites can be seen in the GUI, but both settings are enforced.
If you only want machine based settings to be enforced, copy and paste the following to a HKLM_Only.reg file and Merge it with the computers registry:
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings]
"Security_HKLM_only"=dword:00000001

The sub-keys of the Internet Settings key, for both HKLM and HKCU paths, are:
TemplatePolicies
ZoneMap
Zones
The Zones sub-key contains a sub-key for each zone defined. The defaults are:

Key	Meaning
0	My Computer, NOT available in the Zone box of the Security tab.
1	Local Intranet Zone.
2	Trusted sites Zone.
3	Internet Zone.
4	Restricted Sites Zone

These sub-keys contain the following Value Names:

Value Name	Data Type	Meaning
Description	REG_SZ	Displayed when you select a Zone in the Zone box of the GUI.
DisplayName	REG_SZ	Displayed when you select a Zone in the Zone box of the GUI[/b].
Icon	REG_SZ	The icon that is displayed.
CurrentLevel	REG_DWORD	The current Security setting.
MinLevel	REG_DWORD	The lowest Security level allowed before a warning is issued.
RecommendedLevel	REG_DWORD	The recommended Security level.
Flags	REG_DWORD	Controls the users ability to modify the Security settings.

The data values for the CurrentLevel, MinLevel, and RecommendedLevel Value Names are:

Data value	Meaning
0x00010000	Low Security.
0x00011000	Medium Security.
0x00012000	High Security.

The data values for the Flags value Name are additive:

Data value	Meaning
1	Allow changes to custom settings.
2	Allow users to add Web sites to this zone.
4	Require HTTPS Web sites.
8	Include Web sites that bypass the proxy server.
16	Include Web sites not listed in other zones.
32	Do NOT show security zone in Internet Properties.
64	Show the Requires Server Verification dialog.
128	UNCs are treated as Intranet connections.

NOTE: The My Computer zone does NOT contain the CurrentLevel, MinLevel, and RecommendedLevel Value Names.
The following Value Names are all REG_DWORD data types. Their data values are:

Data value	Meaning
0	This action is allowed.
1	This action will generate a prompt.
3	This action is prohibited.

   Value    Setting
Name
1001     Download signed ActiveX controls
1004     Download unsigned ActiveX controls
1200     Run ActiveX controls and plug-ins
1201     Initialize and run ActiveX controls and plug-ins not marked as safe
1400     Active scripting
1402     Scripting of Java programs
1405     Script ActiveX controls marked as safe for scripting
1406     Access data sources across domains
1407     Allow paste operations via script
1601     Submit non-encrypted form data
1604     Font download
1605     Unknown
1606     User Data persistence
1607     Navigate sub-frames across different domains
1800     Installation of desktop items
1802     Drag and drop or copy and paste of files
1803     File Download. No prompt setting as download is either allowed or NOT allowed.
1804     Load applications and files in an IFRAME
1805     Unknown
1806     Launching applications and unsafe files
1A02     Allow cookies that are stored on your computer
1A03     Allow per-session cookies (not stored)

The 1A00 Value Name, a REG_DWORD data type, has the following possible data values:

Decimal Data value	Meaning
0	Automatically logon with current username and password.
65536	Prompt for user name and password.
131072	Automatic logon only in the Intranet zone.
196608	Anonymous logon.

The 1C00 Value Name, a REG_DWORD data type, has the following possible JAVA data values:

Decimal Data value	Meaning
0	Disable Java.
65536	High safety.
131072	Medium safety.
196608	Low safety.
8388608	Custom.

The 1E05 Value Name, a REG_DWORD data type, specifies software channel permissions.
The TemplatePolicies sub-key of the Internet Settings key has the default security zones settings. The Low, Medium, and High sub-keys contains Value Names that represents the Zones default values.
The ZoneMap sub-key of the Internet Settings key has the following sub-keys:
Domains - Contains domains and protocols that have been added. Each added domain is a sub-key of Domains. Sub-domains are sub-keys of the the domain that they belong to. Each domain has a protocol Value Name (ftp, http, https, etc.) whose data value is the numerical value of the security zone (0x00012000 is High Security) to which it is added.
The ProtocolDefaults sub-key of the Internet Settings key defines the default security zone for a given protocol, by adding a Value Name (file, ftp, http, https, etc.), with NO colons (:) or slashes (/). These REG_DWORD data types the following possible data values:

Key	Meaning
0	My Computer, NOT available in the Zone box of the Security tab.
1	Local Intranet Zone.
2	Trusted sites Zone.
3	Internet Zone.
4	Restricted Sites Zone

The Ranges sub-key of the Internet Settings key contain arbitrary sub-keys that define the ranges of the TCP/IP address. The :Ranges Value Name of these arbitrary sub-keys, a REG_SZ data type, contains the range affected (192.168.0.*). A * Value Name, a REG_DWORD data type, contains the security zone that the range falls within (0x1 is Local Intranet).