One of the main advantages of web applications I often hear is that the deployment process is quick and painless, and that it even works in the most sealed off operating systems, as long as a browser is installed. I wonder if it is possible to make a lightweight installer for a thin client desktop application (for example written in C++) without requiring a lot of user privileges.
unfortunately you're working against the feature set of modern operating systems that attempts to make it hard for people to install software. imagine if malicious applications could be installed by users that have limited privileges; this is where we were (a lot still are) and what we're trying to work away from.
applications written for Windows that don't need a lot of privileges simply won't be able to do things outside of the 'sandbox' they are given.
an example of this would be Silverlight or web-deployed WPF applications.
if it's going to interact with your HDD, network shares, the registry, COM ports, complex memory operations etc, it is going to need some privileges. minimally, it will need to be written and compiled for a framework such as java/silverlight/etc that, while it has a sandbox to live in, have a set of things they are already allowed to do.
It depends on what your installer is going to try to do. If it needs to write to a protected folder (like "Program Files") or a protected part of the registry (including anything under HKEY_Local_Machine), then it will have to run with privileges higher than those of restricted users. If it's just going to drop some file in a user's own "Documents and Settings" folder, or put shortcuts in the user's start menu, then by default it's not a problem.
One tricky bit is the meaning of "Secured Environment". Administrators can use group policy to lock down the Windows Installer service, and if that's one of the things they've done to secure the environment, then of course regular users will be blocked.
Another possible issue is UAC thinking that your install is going to require higher privileges than it actually does. You can prevent this by using an application manifest, to explicitly tell UAC that you're ok with the install running as a restricted user.