Vista's UIPI. Mostly compatible
Categories
We all knew Vista's security changes were going to be far reaching. UAC is controversial, and big, but even if you've made bad assumptions in your code, it still has a good compatibility story. UIPI has a much more interesting acronym and the potential for some much more interesting edge case incompatibilities.
In case you're wondering, UIPI is User Interface Privelege Isolation - it limits the windows messages a low level integrity process can send to a high integrity level process. It's designed to stop Shatter attacks, and is a major part of IE7's protected mode.
Not even Microsoft are above falling for this.
When Explorer starts up, or restarts after a crash, it broadcasts a registered windows message of "TaskbarCreated", so all the little applets can add themselves back into the notification area (system tray).
Can you see where this is headed?
Bingo. Programs running as admin don't get the "TaskbarCreated" message.
Now, AIUI, you can get round this by allowing the "TaskbarCreated" message to be received, using the new ChangeWindowMessageFilter function. But the bigger question is why do have an admin privelege program running permanently in the notification area?
(For what it's worth, I wanted to call this post "UIPI-kay-ay mother f****r", but didn't really have the bottle.)