This thread seems to be heading in a good direction. I've been playing around with group policy settings recently at work (all our servers have been fine lately <cross fingers> so I figured I'd play with user settings for a bit) and you can disable pieces of the IE control panels including those security panels. So, set the security levels however you want as that user, then log out and back in as administrator, go to the command prompt and type:
"mmc" and hit enter.
Go to File: Add/Remove Snap In. Click Add. Select Group Policy. Leave the Object at Local Computer and click Finish. You then have a LOT of options you can tweak on the workstation that only an administrator who knew about this stuff would be able change back. If the user is indeed a limited account then they should not be able to change this.
I'm not sure exactly what you want but there are IE security and configuration settings in the Local Computer Policy->Administrative Templates->Windows Components->Internet Explorer AND Local Computer Policy->User Configuration->Administrative Templates->Windows Components->Internet Explorer. Yup, different settings for the same program in 2 different places. You can lock down IE to a great degree with group policy, including disabling most all of the Internet Options control panel once you set the settings.
Let me know how this works since I haven't really touched those parts of our group policy. Basically in an Active Directory domain you can apply these policies to all your users transparently and can change them at any time. So far it's worked out really well.
Gaidin
Edit: Not sure if local policy takes effect immediately so I'd recommend rebooting after making changes. Also, as an administrator who wants to retain all the abilities that you are restricting on the limited user you may need to do some other stuff. It depends on whether those IE settings are user specific (I *think* they are) or machine specific.