It's simple, the default domain policy has a higher priority. If the domain is 2008, put it on the site, but with a specific targeting of users / group / OU

If not, set policy enforcement

hmm, maybe I'm wrong - but below:
1) we are not talking about group policy preferences - but about administrative templates - zones can be configured both there and there - I need it in administrative templates!
2) Domain 2003
3) All my life I have been guided by the rule: The main formula for using GPOs in Active Directory domains is LSDOU, which means the following order of application (the latter have the highest priority):
n local computer policies (Local Policies);
n group policies at the site level (Site);
n group policies at the domain level (Domain);
n group policies at the organizational unit level.
It turns out - that my OUs - have an advantage over default or am I confusing something ?? and while digging - I found a text that is amazing in its simplicity on the flow - intelligibly: technet.microsoft.com/ru-ru/library/hh147307 (v=ws.10).aspx
and as far as I remember, in 2003 - default policies in any case have priority only at the level of security settings - that is - the password policy in the first place - which cannot be overridden at the OU level!

As far as I remember, when setting different parameters in group policies, user\computer always wins computer. And where did you get the idea that merge should happen?

Not in all settings, local computer policies have advantages over user ones! setting up IE zones just merges - checked.
In general, I found the problem! It turned out that it was not a matter of politics - but in the IE settings on terminal servers - only there user zones are not applied. On thick clients, everything is ok, zones come from both OU and default.
On terminal servers, this is because IE was set up a little wrong at the time.
So thank you all.