Windows Vista - Security Virtualisation

If you read through previous posts of mine, you will know that I recommend running as a local user in XP and only using administrative credentials to install programs.
Usually this works quite well until a legacy application tries to write data to a file or registry location that a normal user has no access to (such as high res mode on Microsoft Flight Simulator 2000).
Vista, with its 'Run everything with least privilege' approach, gets around this by 'virtualisation' of the file system and the registry.
How does this work in practice?
When Vista detects a write action to a restricted area, it redirects it to a per-user virtual location. Program file information typically gets written to %LocalAppData%\VirtualStore. Subsequent read requests will also be redirected.
You can browse to where these virtualised writes have taken place, say in the Program Files directory, and a 'Compatibility Files' button will be present on the new 'Command bar'.
A similar redirection takes place when a program writes to restricted areas of the registry, storing data that traditionally would end up in HKLM\Software in places such as HKLM\Software\Classes\VirtualStore.
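To see which legacy applications are relying on the file redirection described above, you can inventory the current user's VirtualStore. This is an added example, not part of the original post; the function name `Get-VirtualisedFile` is hypothetical, and it assumes that entries under VirtualStore mirror paths on the system drive.

```powershell
# Added example: list files that were redirected into the per-user VirtualStore
# and map each one back to the protected location the program tried to write to.
# Assumption: the folder layout under VirtualStore mirrors the system drive.
function Get-VirtualisedFile {
    param(
        [string]$VirtualStore = (Join-Path $env:LOCALAPPDATA 'VirtualStore'),
        [string]$SystemDrive  = $env:SystemDrive
    )

    if (-not (Test-Path -LiteralPath $VirtualStore)) {
        return   # nothing has been virtualised for this user
    }

    $root = (Resolve-Path -LiteralPath $VirtualStore).Path.TrimEnd('\')

    Get-ChildItem -LiteralPath $root -Recurse -File -Force |
        ForEach-Object {
            # Path relative to VirtualStore, e.g. "Program Files\App\settings.ini"
            $relative = $_.FullName.Substring($root.Length).TrimStart('\')
            $original = Join-Path "$SystemDrive\" $relative

            [pscustomobject]@{
                VirtualPath    = $_.FullName
                OriginalPath   = $original
                # True when a system-wide copy also exists; this user's reads
                # are served from the virtual copy instead.
                OriginalExists = Test-Path -LiteralPath $original
                LastWriteTime  = $_.LastWriteTime
            }
        }
}

# Most recent redirected writes first
$files = @(Get-VirtualisedFile)
$files | Sort-Object LastWriteTime -Descending | Format-Table -AutoSize

# Summary per application folder (e.g. "Program Files\App")
$files |
    Group-Object { ($_.OriginalPath -split '\\')[1..2] -join '\' } |
    Sort-Object Count -Descending |
    Select-Object Count, Name
```

Applications that show up here are still trying to write to protected locations, which makes them the ones to check for updates or a per-user data setting.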
Whatever your opinion of Microsoft, you can't deny the efforts being made in the least privilege space to increase security.
Labels: Innovation, security, Virtualisation, Vista
