Published Monday, March 19, 2007 8:17 AM by martin

UAC and Virtualisation Sample Code

A couple of times recently I've used a simple piece of code to demonstrate UAC and Filesystem Virtualisation in Windows Vista, and some attendees have asked me to post that code.  Now I have, and you can find it here.  The code is C#.

The code contains a hardcoded path to a folder beneath c:\program files; you'll want to create a similar folder on your system to use this code.  When you unzip it, the code contains a manifest file that specifies a privilege level of "asInvoker", meaning that virtualisation of the filesystem is disabled.  To see virtualisation working, you have to pretend not to know about UAC.  You can do that by commenting out the <security> element (and its children) in the manifest file, like this...

 

  <?xml version="1.0" encoding="utf-8" ?>
  <assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
    <assemblyIdentity version="1.0.0.0"
        processorArchitecture="X86"
        name="UACTestApp"
        type="win32" />
    <description>UACTestApp</description>
    <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
      <!-- The security element below is commented out, so the app declares no execution level -->
      <!--<security>
        <requestedPrivileges>
          <requestedExecutionLevel level="asInvoker" />
          <requestedExecutionLevel level="highestAvailable" />
          <requestedExecutionLevel level="requireAdministrator" />
        </requestedPrivileges>
      </security>-->
    </trustInfo>
  </assembly>

 

The sample simply tries to create a file in a folder beneath c:\program files; the results should be as follows...

With no UAC privilege level specified in the manifest (as above), the file should be created in your virtual store.  For me, that's at c:\users\mparry\AppData\Local\VirtualStore\Program Files.

With a requested privilege level of "asInvoker" (and without right-click, "run as administrator"), the attempt to create the file should fail, due to a security exception of some kind.  That's because virtualisation won't happen, and you don't have permission (as a standard user) to write beneath program files.

With a requested privilege level of "requireAdministrator" (or with right-click, "run as administrator"), the file should be successfully created, in the real folder beneath program files.  No virtualisation should occur because your process is running with your full, administrative access token.  That's right - all of this assumes your login is one that normally has administrative privileges.
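
The three outcomes above can be told apart from inside the process by checking where the write actually landed. The following is an added example, not the sample code from the download; the folder name UACTestApp under Program Files and the file name probe.txt are assumptions, and it is meant to be built as a 32-bit executable whose manifest you then vary as described.

```csharp
using System;
using System.IO;

class VirtualisationProbe
{
    static int Main()
    {
        // Assumed path (hypothetical folder name): create C:\Program Files\UACTestApp first.
        string target = @"C:\Program Files\UACTestApp\probe.txt";

        // The per-user virtual store mirrors the original path minus the drive root.
        string relative = target.Substring(Path.GetPathRoot(target).Length);
        string localAppData = Environment.GetFolderPath(
            Environment.SpecialFolder.LocalApplicationData);
        string virtualCopy = Path.Combine(
            Path.Combine(localAppData, "VirtualStore"), relative);

        // A unique token separates this run's write from a stale file left by an earlier run.
        string token = Guid.NewGuid().ToString();

        try
        {
            File.WriteAllText(target, token);
        }
        catch (UnauthorizedAccessException ex)
        {
            // "asInvoker" as a standard user: no virtualisation and no write permission.
            Console.WriteLine("Write denied, not virtualised: " + ex.Message);
            return 1;
        }

        // The AppData path is read directly, so it is not subject to redirection and
        // shows whether the write was silently diverted to the virtual store.
        if (File.Exists(virtualCopy) && File.ReadAllText(virtualCopy) == token)
        {
            Console.WriteLine("Virtualised: write landed in " + virtualCopy);
            return 2;
        }

        // No exception and no matching virtual copy: the real folder was written.
        Console.WriteLine("Not virtualised: write landed in " + target);
        return 0;
    }
}
```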

 
