• Steve Jones - SSC Editor - Tuesday, September 26, 2017 7:51 AM

    patrickmcginnis59 10839 - Tuesday, September 26, 2017 6:39 AM

    I'm going to have to post my doubts about the above assertion. While the windows branch culminating with "millennium edition" were in fact evolved from a stand alone system that gave full administrative access to everything to the user, the NT branch really WAS this rewrite from scratch that you're talking about that windows needs. I'll indeed grant that the APPLICATION writers didn't fully catch on for a while, but windows itself has plenty of security bits built in from the start.

    What else should windows get that you don't think it has currently? I admit the culture around windows administration could be at fault, but I don't know if I'd blame the software (for the most part). I'll not mind being proven wrong however so have at it!

    Windows doesn't have good separation for auditing and security from administration. Certainly there are issues with application developers and their code, but the hierarchical nature of Windows and AD includes accounts that are above everything else. Same with sa/sysadmin in SQL, though they've done a good job with RLS and some encryption to take the admin out of the loop. However, there are still plenty of ways for an admin (or hacked admin account) to cover their tracks and bypass security.

    Even the sudo access on Linux systems still allows God account access, rather than more fine grained access, perhaps requiring 2-3 accounts to complete all actions.

    We haven't done a good job of protecting ourselves from the knowledgeable people that control systems. Two-phased access to systems, which many military systems have for extremely sensitive areas (nuclear, large scale attacks, etc.), is something we should have adopted at some point.

    What are some examples of security that isn't of a hierarchical nature, for instance? Can you name a valid security scheme in which a less privileged account can grant privileges to a more privileged account? Or is that not what you are talking about?
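The "two or three accounts to complete an action" idea from the discussion above, as an added example (not code from the thread or from SQL Server/Windows): a privileged action needs approvals from two distinct control roles, the requester cannot self-approve, and every decision goes into a hash-chained log so an admin cannot silently rewrite history. All names and roles are constructed.

```python
import hashlib
from dataclasses import dataclass, field

# Constructed directory: who holds which role. Only the control roles
# (security, audit) may approve, and two different ones are required.
ROLES = {"alice": "dba", "bob": "security", "carol": "audit", "dave": "dba"}
APPROVER_ROLES = {"security", "audit"}


@dataclass
class PrivilegedRequest:
    requester: str
    action: str
    approvals: dict = field(default_factory=dict)  # approver -> role


def approve(req, user):
    """Record an approval, enforcing separation of duties."""
    role = ROLES[user]
    if user == req.requester:
        raise PermissionError("requester cannot approve their own request")
    if role not in APPROVER_ROLES:
        raise PermissionError(f"role '{role}' is not a control role")
    req.approvals[user] = role


def is_authorized(req):
    # Two-person rule: approvals from at least two *different* control roles.
    return len(set(req.approvals.values())) >= 2


class AuditChain:
    """Append-only log; each digest covers the previous one, so altering
    any earlier entry breaks verification of everything after it."""

    def __init__(self):
        self.entries = []  # list of (text, digest)

    def append(self, text):
        prev = self.entries[-1][1] if self.entries else "0" * 64
        self.entries.append((text, hashlib.sha256((prev + text).encode()).hexdigest()))

    def verify(self):
        prev = "0" * 64
        for text, digest in self.entries:
            if hashlib.sha256((prev + text).encode()).hexdigest() != digest:
                return False
            prev = digest
        return True


def execute(req, log):
    """Run the action only if dual control is satisfied; log either way."""
    verdict = "EXECUTED" if is_authorized(req) else "DENIED"
    log.append(f"{verdict} {req.action} by {req.requester} approvals={sorted(req.approvals)}")
    return verdict == "EXECUTED"
```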