By "kick in" I mean UAC becomes active as soon as I try to run a program,
asking for permission to continue.
Not sure what the restricted areas are but none of the programs is doing
anything special.
I'm not certain I've got it all straight (maybe someone
can correct me if not), but I think it goes something
like this:
If you set the program to run as admin - or if the
program has a manifest file that requests admin
permissions - then when it tries to do something
requiring admin permission you get an "elevation"
prompt asking for permission. If it's running as non-
admin then virtualization takes over, pretending that
the program is being allowed to accomplish its
task but actually keeping the program sandboxed
without telling you.
In other words, under "normal" conditions a program
running as admin doesn't actually get admin permission,
but does get the elevation-prompt option, while with a
program running non-admin, restricted functionality is
just blocked without telling you or giving you a choice
in the matter.
Restricted access is just about anything: Accessing
HKLM in the Registry, accessing nearly any file other
than those in the Documents folder or user App Data
folder, etc. Even access to a program's own program
folder is restricted! So you might have one program
like Notepad that doesn't access anything and therefore
needs no elevation, while another program might, say,
try to write to its own INI file in its own program folder,
and that will be regarded by Vista/UAC as a potential
security calamity, requiring explicit permission. So in that
case you get the elevation prompt. A third program
running as non-admin that tries to write to its own
INI file will, I think, be tricked by virtualization, only
allowing it to write to a dummy file belonging to the current
user, with the result that traditional all-user INI settings
stored in the program folder won't work.
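
An added example, not part of the original post: a way to see which files UAC file virtualization has redirected for the current user, such as the per-user INI copy described above. It assumes PowerShell 3.0 or later and that redirected writes land under %LOCALAPPDATA%\VirtualStore with the original path minus the drive letter; the function name Get-VirtualizedFile is hypothetical.

```powershell
# Added example: list per-user VirtualStore copies that shadow files in
# protected folders (Program Files, ProgramData, Windows).
function Get-VirtualizedFile {
    param(
        # Root of the per-user store (assumed default location).
        [string]$StoreRoot = (Join-Path $env:LOCALAPPDATA 'VirtualStore'),
        # Drive that the virtualized paths map back to.
        [string]$SystemDrive = $env:SystemDrive
    )

    # No store means nothing has been virtualized for this user.
    if (-not (Test-Path -LiteralPath $StoreRoot)) { return }

    $root = (Get-Item -LiteralPath $StoreRoot -Force).FullName.TrimEnd('\')

    Get-ChildItem -LiteralPath $root -Recurse -File -Force -ErrorAction SilentlyContinue |
        ForEach-Object {
            # Path below the store root mirrors the real path minus the drive.
            $relative = $_.FullName.Substring($root.Length).TrimStart('\')
            $realPath = Join-Path ($SystemDrive + '\') $relative
            $real = Get-Item -LiteralPath $realPath -Force -ErrorAction SilentlyContinue

            [pscustomobject]@{
                VirtualCopy  = $_.FullName
                RealPath     = $realPath
                # False: the program created the file and it exists only per-user.
                RealExists   = [bool]$real
                # True: this user's copy has diverged from the all-users file.
                VirtualNewer = if ($real) {
                    $_.LastWriteTimeUtc -gt $real.LastWriteTimeUtc
                } else { $null }
            }
        }
}

# Show every redirected file for the current user, grouped by real location.
Get-VirtualizedFile | Sort-Object RealPath | Format-Table -AutoSize
```

A row whose RealPath points at a program's INI file means that program's writes went to the per-user copy, so other users still read the unchanged file in the program folder.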