Policy that is actually causing the problem (or lack thereof) is corresponds to Internet Options control panel, Connections tab, Lan Settings button: Use Automatic Configuration settings.
Having this turned on causes IE to load a configuration file prepared by IT department which makes a whole lot of configuration changes to IE, including remapping the security zones. We can test this by unchecking this option (the default state).
Since the machine is in domain and since we are testing with domain users accounts, I have monitored domain controller pushing down a bunch of policy settings which relax the IE security settings, causing the reports to display.
First, domain settings will resync over time and this checkbox will keep getting turned back on automatically. So you canít really turn this off, it wonít stay off. I would feel better just testing local accounts, but since the computer is also a member of the domain, machine-specific policies are applied by the domain as well.