I do not know your business, but I personally think it is generally a good idea to have a whitelist of web sites that are allowed to use java applets. (Which is also true for java script and flash.) Block all the rest you do not need.
Again, it's my personal opinion; maybe not generally considered as best practice.
This depends on the organization. Where I am IT is certainly trying to protect through restrictions, but we're still just another department under executive managment. If they don't want to hear complaints from users they'd rather open up the web with an attitude of "That's why we have McAfee, isn't it?"
In an environment where we've already decided we only use IE with a MWG7 that blocks certain categories and has an AV scanner, we're kinda stuck.
It's harder to take freedoms away from users when they've already had them for years. You end up looking like chicken little yelling about how the sky is faling to those who merely wish to keep the status quo.