Noone disputes that TrustedInstaller has ownership of %ProgramFiles% under Vista. However, the ownership of a file system object is entirely irrelevant to the discussion of whether a specific user group can access that file. This entire discussion misses the point.
Now, UAC in Vista is a function that, among other things, prompts you on write access of protected folders such as %ProgramFiles%. If it doesn't, your Vista is broken. Simple as that. Not that the entire concept of UAC isn't broken anyway, but that's besides the point also.
|