Charles said:
Ray7 said:
*snip*

Please watch and understand this: http://www.microsoft.com/emea/spotlight/sessionh.aspx?videoid=993

Learn.

C

I watched the video, extremely good, extremely informative.

Yet even with more general knowledge about Windows' security model in my back pocket my opinion remains the same:
 - Leave UAC on full
 - Begin engineering work to move to a more fluid admin/user model (that doesn't require fast user switching etc)
 - Warn the 3rd parties that if they aren't user-mode compliant by Windows 8 then they're in deep trouble

And in answer to the video, this doesn't add a new expensive security boundary. It relies on the admin/user model that is already in place but fractures user accounts into subsets with different permissions.