I’ve just seen this very interesting article on Mark’s blog. It explains how Vista’s User Account Control (UAC) and Integrity Levels work together to create a sandbox environment that eliminates direct interaction between processes of differing security levels. It’s not complete separation because this is not possible, as Mark explains, and hence they should not be referred to as security boundaries. They just make it much harder for malware authors to transfer data from a low level process to one with admin or system rights. Mark also explains how PsExec interacts with this environment.