...
When elevating process rights with Application Control Solution (ACS) on Windows Vista or Windows 7, there are times when the rights given by ACS appear to be insufficient. The process still doesn't work as it does when the user is logged in as Administrator, accepts the UAC box, or the process is run with the right-click Run As Administrator option. Or an error is returned stating you do not have sufficient rights or access.
...
Solution
Windows Vista and Windows 7 introduced changes to security which included creating two tokens for users when they log in. The lower privilege token is the one always used unless the user goes through UAC or other processes. ACS allows administrators to choose which token should be used to elevate certain processes. The lower privilege token, if it works, is the better option as it has fewer privileges and thus protects the system better. But if necessary the higher-privilege token can be used by ACS when manipulating the process's security configuration.
...