Hello,
The steps seem correct, but I would suggest to check if the policy is applied correctly to the affected clients. You can use the command line "GPRESULT /H output.html" in order to create an HTML file that contains the policy infomation or issues in a client computer.
Additionally on the administrative template, you can try using the next policy to disable Attachment Manager:
User Configuration > Administrative Templates > Windows Components > Attachment Manager > Do not preserve zone information in file attachments = Enabled
--If the reply is helpful, please Upvote and Accept as answer--