There have not yet been really aggressive pushes to lock down Wintel PCs.
For one thing, a secure OS with memory protection has become mainstream only 10 years (WinXP) and prior to this any attempt to lock down PC had been an exercise in futility. Besides, at that time users had not yet been conditioned by Apple that walled gardens are acceptable and good (remember outcry about Palladium).
Then there's a question of signed kernel-mode code and privileged processes - it has been successfully solved by Vista and Win7. EFI or BIOS with TPM support already allow to have completely trusted boot chain.
So the only small component is to forbid running of unsigned userspace code. That's what Microsoft is going to do.