I asked you in the other thread, how would you fix the issue? Too much code can make system wide changs on the Windows platform. So seriosuly, how would you have handled this while still providing for some level of backwards compatibility to existing software?
Actually I have a idea.
Ever used Chroot in a Unix system? (I expect: yes, of course)
Well it's progressed in sophistication and has lead to a new class of VM typified by things like OpenVZ (commercial counterpart: Virtuozzo) and Vserver and Solaris 10's new containers features. From a security standpoint this sets up a enviroment were root is not god of the OS, root itself becomes a non-privilaged user.
You would use the equivelent of 'mount --bind' (I know NTFS has a similar feature) so that the directory structure of the container corrisponds nicely to the directory structure of the user's read/writable portions of the directory structure they are allowed to have.
Effectively you would end up with a little fake Windows sandbox were applications can fling themeslves around with all the administrative requirements they want without actually polluting the core system and keeping the users from each other's stuff. Binary compatability is ensured by simply having a full XP environment (or nearly full. Strip out everything not relevent to win32 apps) aviable to each user... (or use the snapshot features aviable for things like shadow copies to save on system resources.. each user ends up with a compressed binary file somewere which would be the differences between their little envrionment vs the original system's)