...
The existing Adjust Process Rights [[Security]] action in v8.0 would elevate the integrity level of processes if an integrity level SID was specified, but would not lower the integrity level in “decrease mode”. This feature has been implemented. [[Meaning it now will lower the integrity level in "Decrease Mode"?]]
Restricted SIDs
As well a less well known (and used) feature has been added: Restricted SIDs. This feature is just exposed as an option “Restricted Code” on the Adjust Process Rights action.
...
Online description
Adds the Restricted SID to the process. When evaluating security for any operation, when there is any Restricted SID specified then not only does the Security Descriptor need to allow access to the user, but also explicitly to the Restricted SID. See product documentation for more information.
Related Links