Manip, you can't have what you want. It's unfortunate but it's true. UAC cannot limit the scope of damage.
Actually UAC alone is a totally worthless security technology. It's trivially defeatable. UAC as a technology only has value when you combine it with the integrity level (IL) technology.
And even with UAC and IL, it cannot limit the scope of damage. Not on Vista, not on Windows 7.
And Microsoft has never said anything otherwise. People just didn't listen carefully enough.
Seems to me you are asking for a UAC state where auto-elevation under all circumstances is disabled.
The Windows Vista team were very clear on the fact that any sort of auto-elevation utterly destroyed the point of UAC. They repeatedly said this was why whitelisting wasn't included. It's not possible to design an auto-elevation system that isn't bypassed in this fashion.
I'd be happy if they left that behaviour in, it just shouldn't be the default behavior.
Larry Osterman said:
UAC as a technology only has value when you combine it with the integrity level (IL) technology.
I'm not sure I understand you. UAC is the Integrity Levels technology.