M-A's

technology blog

Sunday 18 February 2007

UAC Side effects

I finally started playing with UAC. The exploration has taken more time than I expected. I found out that disabling UAC has many side effects:

- It effectively disables IE7 protected mode. I didn't expect it. In fact, it was to be expected, but I think it should not be the default behaviour. It gets disabled for a simple reason: iexplore.exe gets started at level 3000. When UAC is enabled, it gets a default level of 2000 instead. My observed behaviour is that when UAC is activated and IE7 is started at level 3000, it disables protected mode anyway. So the internals of IE7 disable protected mode because it has been started at level 3000, not because UAC is disabled. I'll have to try it myself one day (write a thunk that lowers the IL to start IE).
- It disables virtualization. It is normal for administrators but I didn't expect it for standard users.
- It renders the "Run as admin" shell extension useless. It's the worst side effect. The funny thing is that the menu item is still there, even when you are running as an administrator! For administrators and standard users, the result is that the process starts as if the user had simply double-clicked the application. From my point of view this is a regression because RunAs... is not there anymore. What if I want to start as a restricted user instead? There's no way in the UI.

So what to do? I'm not sure; probably the best bet is to re-enable the old RunAs behaviour in Vista by fixing the registry a little bit. To be continued...
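Added example, not code from the original post: one way to check which integrity level a session runs at, by reading the mandatory label SID (`S-1-16-<RID>`) from `whoami /groups` output and printing it in the hex form used above (2000, 3000). The sample output is constructed, and the `launch_disables_ie7_protected_mode` flag encodes only the observation made in this post, not a documented rule.

```python
import re
import subprocess
import sys

# Well-known integrity-level RIDs (hex), lowest first.
LEVELS = [(0x0000, "untrusted"), (0x1000, "low"), (0x2000, "medium"),
          (0x3000, "high"), (0x4000, "system")]

LABEL_SID = re.compile(r"\bS-1-16-(\d+)\b")

# Constructed sample of `whoami /groups` output (not captured from a real host).
SAMPLE_LEVEL_2000 = """\
BUILTIN\\Users                          Alias  S-1-5-32-545  Mandatory group, Enabled by default, Enabled group
Mandatory Label\\Medium Mandatory Level Label  S-1-16-8192   Mandatory group, Enabled by default, Enabled group
"""
SAMPLE_LEVEL_3000 = SAMPLE_LEVEL_2000.replace("Medium", "High").replace("S-1-16-8192", "S-1-16-12288")


def integrity_rid(groups_text):
    """Return the integrity RID found in `whoami /groups` text, or None if there is no label SID."""
    rids = [int(m) for m in LABEL_SID.findall(groups_text)]
    if len(set(rids)) > 1:
        raise ValueError("more than one mandatory label SID in input")
    return rids[0] if rids else None


def level_name(rid):
    """Map a RID to the highest named level at or below it (0x2100 -> medium)."""
    return [label for floor, label in LEVELS if rid >= floor][-1]


def describe(groups_text):
    """Summarise the integrity level; None when the input carries no mandatory label."""
    rid = integrity_rid(groups_text)
    if rid is None:
        return None
    # Per the post's observation: IE7 started at level 3000 turns protected mode off.
    return {"level_hex": format(rid, "x"), "name": level_name(rid),
            "launch_disables_ie7_protected_mode": rid >= 0x3000}


if __name__ == "__main__":
    if sys.platform == "win32":
        text = subprocess.run(["whoami", "/groups"], capture_output=True, text=True).stdout
        print(describe(text))
    else:
        for sample in (SAMPLE_LEVEL_2000, SAMPLE_LEVEL_3000):
            print(describe(sample))
```

On Windows this reports the level of the shell running the script, which is the level a program launched from that shell inherits by default.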
