Question : How do I refine the group policy governing storage of credentials or .NET Passports?

Points of My Scenario:
1. I am admin of a Windows server 2003 domain
2. Workstations run Windows XP SP3 and Internet Explorer 6 (yes: still on version six)
3. I enable automatic authentication to corporate websites requiring login using the following  policy "Network access: Do not allow storage of credentials or .NET Passports for network authentication", found in “Computer Configuration\Windows Settings\Security Settings\Local Policies\Security options”. It is configured to be "disabled".
4. I need to ensure that despite the configuration in point #3, that Internet websites (e.g. Hotmail, Yahoo!, etc) in general are not storing credentials for automatic login.
QUESTION: How can ensure that only corporate websites (which present a Windows authentication based logon dialog) are allowed to store credentials - as opposed to general Internet sites?

Answer : How do I refine the group policy governing storage of credentials or .NET Passports?

one a policy is applied to a object it stops processing for that object, therefore since the first policy applies to all recipients it will never go to the second
you need to update the filter such that it excludes the three users