I guess I just do not understand the philosophy behind the current UAC scheme. Once I log in as a user with all privileges, I ought to be able to do anything, access everything, using any and all of my programs. Conversely, I should be able to log in as a limited user, and have only specific privileges. In a multiuser file system there is also benefit to be able to control who can access what and how and when (e.g., by access control lists). But what is the benefit in a single user system?
"TheDave", you have a good example of why a multiuser system needs U(ser) A(ccess) C(ontrol). It does not apply for a personal computer - one which is for the exclusive use of a single person. Yes, in the business context the local computer is just a part of a distributed computing system, it is not a personal computer, just a more sophisticated and powerful terminal. Your example actually describes a method of sabotage or theft of resources which UAC can (hopefully) prevent.
Your suggestion to use UNC instead of drive letter mapping does not work if the same memory stick is plugged into a different machine of the network. With mapping (combination of NET USE and good old SUBST) I can make it appear on the same drive letter of all machines currently in the network, regardless of which port of which machine it uses. The UNC would not be the same. Yes, within TCC, I could use a directory alias, but not for external programs; all programs can deal with mapped drives.
Assembly? I spent many years writing in assembly language; on one real-time control system I even had to perform the task of assembler and linker manually, and write the punched tape loader, too - it was a totally bare system, no support software at all, just as you proposed... "An unknown product from a reliable company" was management's reason for the choice.
QUESTION: How can I map a network share to a drive letter so it is accessible by all programs from TCC? I attempted with net use, but the response was "access denied" - executed from an elevated TCC session, but with UAC disabled. Starting Windows Explorer from the same TCC instance (without using start /elevated) allowed me to successfully map.