Ah, yes, this bug again. I've seen it crop it's nasty head up a number of times all the way back to IE 4.x.
After using an IEAK upgrade to upgrade my stations from IE6 to IE7, Internet Explorer treats all Internet sites as Local Intranet. For me, this means they have additional rights to install spyware & because we don't allow passwords to be saved on our Intranet via a GPO, the users can't save ANY of their passwords for any website.
I've seen this times before. So I had a hunch. I checked my settings. Everything seems right in the GUI. The settings match my machine. Mine was updated via WSUS, not through IEAK installer. But we both run the same .INS configuration file. We run security zones for IE as HKLM only as described in KB182569. This allows us to set the settings once per PC and be done.
So my first test was to disable "Automatically Detect Intranet settings". And behold, the Internet zone was detected correctly now. Go back into the settings and IE7 had reset this setting back to enabled. But that didn't matter, the detection was working now. I tested this on 3 machines and repeated the experience.
So I found the registry location and dumped it into a .REG file
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"AutoDetect"=dword:00000000
Notice this is in the HKCU location and not the HKLM location, where my settings should be coming from. However, running this via REGEDIT /s ie7fix.reg in a login script resolved the issue on 3 machines. So this triggers IE to fix whatever is wrong. Since my settings come out of HKLM, the IE GUI still shows autodetect enabled. And it detects correctly.
This is obviously a bug. IE7 must not be looking at HKLM in every case where it should when Security_HKLM_only is enabled. My guess is that the IEAK installer couldn't access the HKCU hive of the user. Somehow setting the AutoDetect value in HKCU triggers IE7 to fix what is wrong there.
--- Correction below----
This was caused by my own doing. I followed these directions;
http://www.msfn.org/board/index.php?showtopic=75475&mode=linearplus
Which had me set the runonce to 1 so that the annoying welcome to IE7 didn't appear. Apparently it is this flag that also upgrades HKCU settings from IE6 to IE7. So I caused the problem myself.
