This is a very comprehensive guide to how the user Account Control (UAC) in Windows 7 works.
When UAC is enabled, all user accounts — including Protected Administrator (PA) accounts — run with standard user privileges.
PA accounts can be elevated to Administrator priveleges by clicking OK when prompted. This is the default type for the first account created after installation.
Subsequent accounts created are, by default, standard user accounts. These can be elevated to Administrator privileges by typing a password for an administrative account when prompted.
Applications running with standard user privileges are prevented from sending mouse and keybord events into the windows of elevated applications.
Executables are auto-elevated if they are signed by the “Windows publisher” and are placed in certain protected system directories on the disk. There is also a list of executables that are always auto-elevated.
Folder Virtualization (turned on by default for PA accounts) intercepts writes to files under the %PROGRAMFILES% folder. When non-“Vista aware” executables try to write there, they actually write to the user’s virtual folders. This allows every user to have their own version of, for example, configuration files.
If a “Vista aware” executable try to write to files under %PROGRAMFILES%, without the proper privileges, it simply fails.
Executables are marked as “Vista aware” by a flag in the executable file. This doesn’t actually make them “Vista aware”; it merely signals to the operating system to treat them as such, and turn off backwards compatibility features like Folder Virtualization. Flagging an executable as “Vista aware” without making changes to it may very well cause it to segfault.
References: Microsoft Technet