With UAC enabled in Vista build 5536, I get confirmation prompts in admin
accounts, and I get password dialog boxes in standard user accounts. And of
course standard users can't read each other's home directories.
Then I ran secpol.msc and under Local Policies\Security Options I disabled
User Account Control: Run all administrators in Admin Approval Mode, and
then rebooted. Now, as expected, admin accounts silently grant privilege
elevation and no longer give confirmation prompts, but in standard user
accounts, instead of getting a password dialog or a silent granting of
privilege elevation, I get automatic denial. And standard users still can't
read each other's home directories.
So, if non-admin users are using standard user accounts, and the admin
accounts are used only to run trusted software, then what security is
actually lost by disabling UAC? Standard user accounts haven't gained any
new privileges by having UAC disabled.