Tell a lie, Paul did flag it as answered. Cool.
More stuff, the Intranet zone additions is covered in the Desktop bit of the Advanced policies.
Yes I should think it does make a big difference if you are not on a PC in a trusted windows site. This sounds like no fun at all to me. If it's not a scenario you will have in Live then don't try to get it working. EV can only ACL vaults in a Domain trust model. Authentication against the Exchange mailbox via Pass-Thru is not enough. To get EV working properly you must log in as the AD/NT user who has ACL permissions on the Vault.
David
http://messy.bravehost.com/