I would like the option to always get a pop-up for certain things (such as device driver installation and direct disk access) even in clean PC mode. It would be nice to also set this for group of files and registry settings. This would allow advanced users to have more control in clean PC mode. You could then let save applications do most things but make sure you are prompted (or blocked with parental control on) for the most dangerous things.
A screen a bit like the application rules in computer security policy but for all applications where you could tick “force pop-up” for each category would do the trick. This would force a pop-up for any rule left on ask against an an application and it would stay on ask for safe applications.
Installs/upgrades would still work with no pop-ups if given installer/updater status.