In fact, I would never assume that the Windows security model would work in any case. There are too many holes and exceptions there. Once you trick the machine into running code at system privilige level, you can then muck with ACLs and SACLs and there is no security system left, unless it is your intent to prevent the owner from using his machine at all, in which case the system can be fairly effective.
Vista currently runs processes at standard user level and requires consent to elevate them to run at admin level. This has already pissed enough people off that they now have a security setting option Local Security Setting : User Account Control : Behavior of the elevation prompt for administrators (Prompt for consent - No prompt - Prompt for credentials)
They're already patching the patches for a product not released yet. My faith in Microsoft is as strong as ever...