Wednesday, January 24, 2007 5:09 PM szurgot

Jim Allchin on UAC in Vista.

http://windowsvistablog.com/blogs/windowsvista/archive/2007/01/23/security-features-vs-convenience.aspx

Awesome post on the evolution of UAC in Vista. I particularly like that while some of the more stringent requirements are off by default (Ctrl-Alt-Delete, and passwords for admin elevation), the functionality is still available to be turned on.

This particular line resonated with me: "There is clearly a balance here because if we lock the system down too tightly, then we risk the majority of customers turning key features off, or even worse, staying on older versions of Windows and thus not realizing the great security benefits of the new system." I've run into several examples of this throughout my career, from a company with a great firewall that all the mission-critical data was outside of because the admin didn't want to open up ports (so the devs were protected, but not the web site data), to complex passwords on sticky notes on the monitor.
