We have been wrestling with a problem concerning our internal sites and addresses. Due to some issues out of my control, we have a fairly long exceptions list in IE. We reached the AD character limit and began populating the IE exception list via login script using Script Logic. That was workign fine up to the point where I migrated our users to ISA04. It appears that when a user has the FW client installed it overwrites the exceptons list. As a result, several internal sites are no longer accessible. I've read as much as I can find and I know several people have complained about various issues with Auto Detect and Auto Config setings. We are using both of these although it doesn't seem to make a difference either way. I can add an IP range to the Direct Access list and it seems to work, however that's not very easy to administer.
If I log on with the FWC disabled, I get an exception list via script. If I simply enable the FWC, by the time I open the IE properties box, the exceptions list is gone, replaced by a blank box.
As an update to this; about the same time we began to rely solely on the scripts for our exceptions list, we turned off the Active Directory object typically used to configure IE settings. Does the firewall client use that to populate the exceptions list in IE? It doesn't SEEM logical.
After watching the registry, it appears that the firewall client clears out the registry entry providing the exceptions. If the firewall client is running and the script is run, the exceptions re-populate and stay until the next re-boot, or the next time the firewall client is disabled and re-enabled.
It seems that there should be a place to turn this behaviour off.