I've been tasked with including IE7 in my upcoming unattended
installation/images and deploying the new browser to existing machines
via WSUS. I have a question re: IE7 in non-AD environments with respect
to Intranet settings and would like to know if others here have
experienced the same behaviour and, hopefully, have found a solution.

I shudder at times, but we still have a few scripts (.cmd or .vbs)
executed via login script for a few containers - the scripts are
referenced by UNC, not mapped drive. After installing IE7 execution of
these scripts is being interrupted by Windows as a potential security
threat and gives the user the option to cancel the script. Not good.

From my reading/testing, I understand that this behaviour is due to the
fashion in which IE7 handles zones and detection of the Intranet zone
specifically (no domain membership since there's no AD environment). If
I disable "Automatically detect intranet network" under "Internet
Settings" then the scripts execute without issue. I've capture the user
registry settings that change when this is done, but I can't seem to
embed them in the "Default User" hive.

Anyway, just looking to see if anyone else encountered this and how
they're dealing with it. GPO's right?