...
Another benefit of this is that Restricted Processes do not have rights to open any network based resource (e.g., file servers).
Online description
Adds the Restricted SID to the process. When evaluating security for any operation, when there is any Restricted SID specified then not only does the Security Descriptor need to allow access to the user, but also explicitly to the Restricted SID. See product documentation for more information.