I feel like Vista's security model should work like Linux ala sudo. In other words, you can let the user run a specific set of programs (to change wireless network settings, for instance) as an admin with full access without typing in a password. Everything else requires a password if it writes to somewhere other than your home directory. When you supply the password you get like a 5 to 10 minute window to do whatever you gotta do before it asks you for a password again. No annoying popups, no nag-messages, no blocking usage of programs but inherently secure by virtue of not requiring software to write all over the place into singleton security objects like the Registry to work correctly. Add in a default firewall that didn't suck and you'd have a great system.
Popping up "continue" dialogs every 15 seconds and requiring you to start command shells as an admin is stupid.
Discuss.