...
The Security Descriptor defines who has what rights to the process that is started.
From the "Security Descriptors - User Defined" (Under Policies) we can create a new Process Security Descriptor where we will define what rights each user or group has to the process. (It is strongly recommended that the System has Full Control always.)
Creation of a
...
process security action
The Process Security Action is what applies the restrictions to the process when it is created.
After creation of the new "Set Process Security Descriptor Action" rename the action and choose the newly created Security Descriptor and save the action.
Create a new Application Control
...
policy
After creating a new Application Control Policy and choosing which application(s) it applies to, change the application action to include the new Process Security Descriptor Action.