I will say that in my opinion MS still has a long way to go in the IE management department. It has gotten better in 2008 and IE8 but still needs improvement. To this end though, manageing Trusted sites is still done by importing sites into the User Configuration for Internet Explorer Maintenace (user configuration, Windows Settings in GPO). YOu will also want to set the computer settings that prevents users from adding their own trusted Sites or use the GPO lock down to remove the ability to get to the IE settings. If you do the later solution and remove the users ability to access the settings, then you can simply exempt certain people from the GPO and allow them acess to modify their own settings. as far as allowing users to use 64 bit or 32 bit, that is a pure judgement call on your part. I personally just make 32 bit available for them currently.