in our company for non domain machines (a few server) i create a rule to skip authorization for the Client-IPs of this machines in the Authentication Rule Set. And then i create a Top Level Rule Set under the User-Authentication-Top Level Rule Set which Criteria is the List of the Client-IPs. So the client is identified over the IP. This works fine with manual Internet-Settings in IE but i think it works with PAC or WPAD too.
Many thanks BR.