Did you use IE10 (or newer) when testing because it seems IE10 performs Intranet zone detection differently than IE6/7/8/9.
Please refer to this article:IE 10 Prompting for credentials - Windows Authentication
Let me know if this does not solve your problem.
By the way regarding the different behavior between domain administrator account and other accounts:
With Windows Integrated authentication, the user's password is not actually sent from the client to IIS. Because IIS does not have the user's password, IIS resources will not be able to turn around and authenticate the user to another network resource. When you are logged on locally to the server to test, now the machine does have the user's password (you're physically logged on to this machine) and you'll then see different behavior with regard to network resources,