Windows security sucks.
The real problem with Windows is that there exist folks who believe that it is, or can be, secured. They believe the six-colour glossy, the Gartner Reports, and other (manufacturers') propaganda. As a consequence they do not act in a fashion which will keep them safe.
Most users will pick convenience over security. What fraction of users (customers) would be happy with your suggested settings?
More than you might think -- still a minority however. There's not 2.437 pounds yet.
My probably naive view is that this type of problem could easily be solved by having the serious work done on a special class of well locked down machines and making a pool of more open systems available for checking mail or Facebook or whatever.
You would be surprised at the number of Fortune 500 companies that lock down their policies into deliberately insecure settings, and refuse to permit more secure settings. I can't quite figure this out, except to observe that there is a very severe shortage of security clue in the world and an appalling over-abundance of ignorance and stupidity.
I've heard stories of people filling USB slots with epoxy so idiots can't insert thumb drives found in the parking lot or brought from home. I forget the context.
This is, unfortunately, a typical reaction which arises from a failure to carry out proper root-cause analysis. The root cause of the issue is not "thumb drives", "baby fingernail drives", or whatever removable media type. The root cause is the propensity of Windows to engage in "magical" behaviour -- to put executable "data" everywhere and then to execute that "data", magically. And a failure to provide a "Magic Off" setting that actually works. Actually, there is -- it is called the power switch. Seriously though, most of the magic can be turned off or bypassed, if you want to. Companies that engage in such behaviour are signing their own "all our base are belong to you" death warrants. Rather than voting with their wallets and insisting on correction of the root cause of the problem, they instead continue to pour money down the crapper investing in never-ending supplies of draino and roto-rooters while at the same time continuing to financially reward the paper-towel flushers so they can buy and flush yet more clogging crap which requires yet more draino and roto-rooters. Shampoo, Lather, Rinse, Repeat. (Looking up the effects of adding those instructions to shampoo by Procter & Gamble on their sales and profits is left as an exercise for the reader). Security does not require buying more draino and roto-rooters. It just requires that you not do stupid things inimical to security. Stop flushing paper towels down the toilet and you don't need draino and roto-rooters, nor will you need hazmat gear to clean the oozing excrement off the floor. Of course, it might be wise to keep a bottle of draino, a roto-rooter, and some hazmat gear on hand just in case -- but to concentrate on the symptoms rather than the underlying cause is just plain stupidity. Deliberately encouraging and financing those working to ensure the toilet is always plugged up and the crap is always running in the halls is sheer lunacy.
Unfortunately, the lunatics are in charge of the asylum, and they have chosen the outcome they shall suffer. Now, back to our regularly scheduled programming, already in progress ...