Application Impact Management is a fancy name for the virtual sandbox that Microsoft is creating for applications that attempt to use resources that the limited user account (LUA) doesn't have permissions to use.
While some of the advertised features of Longhorn have fallen off of the table, enhanced LUA capability remains. The specifics of this capability are beginning to appear. One change is the deprecation of the Power Users group.
This group effectively gives the user administrator rights, and has therefore been deprecated in order to simplify the security model. This is a good thing, as Power Users is nothing more than a false sense of security. There are now only least privilege (LUA) and administrator accounts. These apply to both services and interactive accounts.
Way too many administrators. This is clear. This is made clear through the interpretation of some of the compliance regulations such as SarBox and HIPAA and others. This is clear from our internal security audits. It seems that every time someone asks how many domain administrators there are in a given enterprise the answer is much smaller than the reality. When we talk about local administrator rights, the numbers are staggering.
John Savill's Hyper-V Master Class
Join John Savill for 12 hours of comprehensive Hyper-V training. This master-level online training course will explore all the key aspects of a Hyper-V based virtualization environment covering both current capabilities in Windows Server 2012 R2 and looking at the future with Windows Server vNext.