I don't know if this is by Microsoft design or a bug, but when I was experimenting to test if windows would block me from editing a system file. In a standard user account I made in Win7, I tried to edit a hosts file with NotePad++. Windows did block me, but then notepad++ came up with an option to escalate itself to admin mode. I was then able to edit the hosts file and save it. (Notepad++ did this without me providing an admin password) This seem like a major security issue if a standard user can just bypass windows write-permissions simply by running a program as admin. Again Notepad++ did this without me providing an admin password. I'm guessing this freedom would not be possible if I was logged into a domain account / controler?