Editing your policy file is the ultimate thing to do. But, it should be specific so that only the applet you wish to be trusted should be granted the privileges, otherwise it becomes risky.
For deploying the applet to other machines, it is not actually possible to edit their policy files. here the certificate comes to the recue. the client must be given access to the certificate thru a link on the webpage. the client should install the certificate on his machine. now, when he runs the applet on his system, IE would check the signed applet against the certificate and ask him if he wishes to grant it rights. If he does, the applet gets all privileges.