That's all well and good. I knew that the feature had been added but I didn't know that it would be turned on by default. Generally speaking I would expect that major changes to the authentication method would be opt-in, not opt-out. Furthermore, by defaulting to "on", it locked me out of my own machine where I upgraded the client. When I restarted I was prompted for a username which I had not set up and was only offered the local machine as a domain eventhough I was connected to the network. Only after using a recovery token to log-in and going through the steps to reset the passphrase was I prompted to associate a username with my passphrase. Then after restarting I was able to select our domain finally and log in. So if you upgrade a system, create a new client installer, use it to upgrade a client and restart you cannot log in without a WDRT. That's bad enough but the same thing happened on the system that I updated using the push notification, that's really bad. If I'd deployed this I would have bricked over 1000 computers and probably had my employment in jeopardy. The release notes need to specifically state "This new functionality is on by default and will change the way users authenticate to their machines".
With regards to IE, when I try to pull up a WDRT in IE 9 the pop-up that opens is at the login screen and entering my credentials only brings up the frontpage of the admin. I've already submitted a ticket for this and had it acknowledged as an issue.