UAC fixer

All sysadmins at one time or another have dealt with an application that needs some small amount of access to something that is typically restricted to administrators. This idea would run the problem-app in a sandbox and watch for any denied disk or registry calls, prompt the administrator as to who will be using the application, and then automatically set permissions for that user or group based on what it detected.