... until the collector arrives ...

This "blog" is really just a scratchpad of mine. There is not much of general interest here. Most of the content is scribbled down "live" as I discover things I want to remember. I rarely go back to correct mistakes in older entries. You have been warned :)


IE7 vs. Automatic Windows Authentication

As of IE7, any URL whose host portion contains a dot is considered to be outside the intranet zone.  Thus, automatic Windows authentication is disabled (by default).  As a workaround, you can now add individual URLs to the list of intranet sites.

I tried to add a wildcard for the local domain to the list of sites (*.mm.local).  IE complained that the URL was already listed in another zone, and that I should remove it from that zone first.  True enough, it was in the trusted sites zone.  So I removed it and tried again.  I exited and relaunched IE.  I logged out and logged back in.  I rebooted.  The same message occurred after each of these measures. I tried a different wildcard, and it worked.

There appears to be a bug where once something has been in the trusted sites zone, you can't ever add it to another zone.  I connected to a web site in the local domain, entered the requested password, and IE showed the site as still belonging to trusted sites.  But the wildcard no longer appears in the trusted sites list.

Problem solved.  The registry key

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap

contains the IE zone mapping.  It didn't show my local domain, but the corresponding key under HKLM did.  I'm not sure how the HKLM key got there, and there was no evidence of the registry setting in the IE configuration dialogs.  Deleting the key made things work as expected.

Blog Archive