@Stoic Joker: thanks for breaking down my thoughts, easier to digest i assume.
So you are logged in with an account that is a member of the local administrators group (which would include Domain Admins)... Yes?
yes, i believe i had given myself the highest possible access.
I can't honestly say I've ever tried doing that. But I did try it just now and received a would you like to save or open link prompt from IE.
i can provide a use-case. e.g. you have a link shortcut (files ending in *.url) that you want to open in the non-default browser. so instead of double-clicking (which will open in defalt browser), i just drag the url shortcut to the non-default browser. of course assuming that non-default browser is already open.
Okay, this part is starting to make sense, if you are running an alternate shell as admin it's not supposed to work because DnD does not work between sessions. I frequently trip myself up with this when editing system files. If I run notepad as admin, then drag a file from desktop/explorer and drop it in notepad, nothing will happen because they're both in separate sessions.
ok, this is the part that is missing from the manuals. i always thought i am some sort of superuser who could cut through layers of security but apparently MS thought otherwise.
Even domain administrator accounts (and their shell's) run with restricted user level permissions when UAC is enabled. So any system level changes require selecting run as admin or clicking yes/ok on a UAC prompt at some point. So if something is being run as admin it will be in a different session and therefore not available to interact directly with other non elevated applications.
again, "different session" is the keyword here. so the mantra is: "all sessions are not created equal".
thanks again, SJ. i will keep these points in mind for the next time i start dragging and dropping.