We were discussing the case where the application runs by Terminal Services. That means that all users are logging into the same machine that has both the data and the binaries, and in effect all of those users login locally simultaneously to use the Quickbooks binaries and data locally.
We have seen problems in earlier versions of Quickbooks on file sharing in a Terminal Services configuration, if you want to restrict most file access to read only. The files that need to be read-write (such as the dictionary) are often spread out secretly among all the files. You end up having to use low level utilities like the ones made by SysInternals to see which files Quickbooks wants access to, and at what level. Even then, you typically only debug the minimum necessary and end up with the occasional strange message in Windows server eventviewer that cannot be easily explained.
In earlier versions of Quickbooks at least, it doesn't appear that Intuit invested one dime in thinking through the details of what kind of permissions each file would need to have. Telling us to make all users who login locally via Terminal Services members of the Administrators is something some vendors do, unfortunately. Actually most of them simply say "not supported" when asked about Terminal Services because they don't want liability if you make the user administrator. It typically means they put someone novice on it for a few days, and the only way he could make the configuration work was by becoming administrator. I guess it is hard enough to make the software work at all, let alone to think through the intricacies of a real security model.
The friendliness of Windows is just a facade for people who don't really understand technology. Underneath the superficial layer, it is not just unimaginably complex (e.g., the registry, the file ACLs that co-mingle local system and domain entities, and the poorly documented security policy ACLs), it is also unimaginably ugly and unimaginably disfunctional, and the more money I dump into expensive projects to secure it, the more I realize that it is not securable in any budget that is economic. Windows 200x is the operating system that costs $500 to buy and $20K to make safe, and after you spend that $20K it is only safe from about 96% of all users. The other 4% know more than your consultants knew, and they can just take whatever their ethics let them rationalize.