Full-Trust UWP Desktop Applications
Look, the concept of "UWP apps can run on your phone (RIP) and your Xbox," while admirable, isn't practical for most applications. Many applications need only Desktop support. UWP is too "safe" so as to be impractical for so many desktop apps, and WPF is like a third-class citizen with Microsoft in the background cheering "Upgrade to UWP!"
The sandbox nonsense has to go. Allow UWP applications to tick a box in the .appxmanifest declaring it as a full-trust desktop application. Prevent full-trust apps from targeting phone and Xbox if you have to. Show a notice to users upon install from the store. Let them install it if they so choose. 99% of the applications they install aren't (and won't be!) sandboxed UWP applications anyway. If it's an issue, virtualize the registry as with the Desktop Bridge.
Think AppServices, but instead of packaging in a Windows Runtime component, the UWP app gets the full-trust declaration itself.
You can never be too safe. Sandbox and strict policy is the reason there is no malicious software written in UWP.