"You just need to identify which bits of the filesystem and registry they are trying to write to and adjust permissions as required"
Well yeah, sure, everyone knows how to do that, right? What's the problem?
-
Not arguing with you. Most people don't know how to do this, so it is my job to fix it for them in a business environment. Other sysadmins should make the effort as well, but too many just grant admin access because that is what the app vendor tells them.
Yes, for home users, this is a bigger problem.
The main criticism is the app vendors who could easily put things in the correct place and this problem wouldn't exist.
Windows has the toolset to be deployed securely and managed properly, if you take the effort to implement security policies, OS hardening templates and proper role-based administration. All of these are available and widely documented.
Don't blame the OS for so-called admins who are too lazy to do their job properly. If you find an application that needs deploying, analyse it properly and deploy as securely as possible. Don't just chuck it at machines and click next -> next -> next.