Application Impact Management is a fancy name for the virtual sandbox that Microsoft is creating for applications that attempt to use resources that the limited user account (LUA) doesn't have permissions to use.
While some of the advertised features of Longhorn have fallen off of the table, enhanced LUA capability remains. The specifics of this capability are beginning to appear. One change is the deprecation of the Power Users group.
This group effectively gives the user administrator rights, and has therefore been deprecated in order to simplify the security model. This is a good thing, as Power Users is nothing more than a false sense of security. There are now only least privilege (LUA) and administrator accounts. These apply to both services and interactive accounts.
Way too many administrators. This is clear. This is made clear through the interpretation of some of the compliance regulations such as SarBox and HIPAA and others. This is clear from our internal security audits. It seems that every time someone asks how many domain administrators there are in a given enterprise the answer is much smaller than the reality. When we talk about local administrator rights, the numbers are staggering.
NEW: Microsoft Hyper-V Master Class with John Savill