Apply restricted token to process

I have a (mini) file filter driver and in that driver I want to restrict a starting process (for example IEXPLORE.EXE).

I remove the Admin SID (S-1-5-32-544), then I apply the restricted token by using ZwSetInformationProcess. This works on Windows XP, but it fails on Vista: it returns STATUS_NOT_SUPPORTED.

This is what I do (pseudo code):

  1. Determine the process name (for example IEXPLORE.EXE) using GetCurrentProcessImageName
  2. Determine whether the process is already restricted using SeQuerySubjectContextToken
     If not restricted:
  3. Remove S-1-5-32-544 from the ProcessAccessToken using SeFilterToken
  4. Apply the new token to the ProcessAccessToken using ZwSetInformationProcess

This is all done in PostCreate. Is there another way to do this?
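For comparison, here is the user-mode counterpart of steps 2 to 4 as an added example (this is not code from the original post and not the asker's driver): it checks whether BUILTIN\Administrators (S-1-5-32-544) is already deny-only in a token, filters it out with CreateRestrictedToken, and starts the target with that token via CreateProcessAsUser instead of swapping the primary token of an already running process. It assumes an elevated PowerShell prompt, so that the token actually carries an enabled Administrators group, and it launches `whoami /groups` rather than IEXPLORE.EXE purely so the effect is visible on the console; the class name `RT` and the helper function names are this example's own.

```powershell
# Added example, not from the original post. User-mode counterpart of
# steps 2-4 (check for a filtered token, drop S-1-5-32-544, run under the
# new token) using documented Win32 APIs via P/Invoke. Assumes an elevated
# prompt; 'RT' and the function names below are this example's own names.
Add-Type -TypeDefinition @"
using System;
using System.Runtime.InteropServices;
public static class RT
{
    [StructLayout(LayoutKind.Sequential)]
    public struct SID_AND_ATTRIBUTES { public IntPtr Sid; public uint Attributes; }
    [StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)]
    public struct STARTUPINFO
    {
        public int cb; public string lpReserved, lpDesktop, lpTitle;
        public int dwX, dwY, dwXSize, dwYSize, dwXCountChars, dwYCountChars, dwFillAttribute, dwFlags;
        public short wShowWindow, cbReserved2; public IntPtr lpReserved2, hStdInput, hStdOutput, hStdError;
    }
    [StructLayout(LayoutKind.Sequential)]
    public struct PROCESS_INFORMATION { public IntPtr hProcess, hThread; public int dwProcessId, dwThreadId; }
    public const uint TOKEN_ALL_ACCESS = 0xF01FF;
    public const int  TokenGroups = 2;                     // TOKEN_INFORMATION_CLASS value
    public const uint SE_GROUP_USE_FOR_DENY_ONLY = 0x10;   // how a filtered token marks a disabled group
    [DllImport("kernel32.dll")] public static extern IntPtr GetCurrentProcess();
    [DllImport("kernel32.dll")] public static extern bool CloseHandle(IntPtr h);
    [DllImport("kernel32.dll")] public static extern uint WaitForSingleObject(IntPtr h, uint ms);
    [DllImport("kernel32.dll")] public static extern IntPtr LocalFree(IntPtr h);
    [DllImport("advapi32.dll", SetLastError = true)] public static extern bool OpenProcessToken(IntPtr p, uint access, out IntPtr tok);
    [DllImport("advapi32.dll", SetLastError = true)] public static extern bool GetTokenInformation(IntPtr tok, int cls, IntPtr buf, uint len, out uint needed);
    [DllImport("advapi32.dll", SetLastError = true)] public static extern bool ConvertStringSidToSid(string s, out IntPtr sid);
    [DllImport("advapi32.dll")] public static extern bool EqualSid(IntPtr a, IntPtr b);
    [DllImport("advapi32.dll", SetLastError = true)] public static extern bool CreateRestrictedToken(IntPtr tok, uint flags,
        uint nDisable, ref SID_AND_ATTRIBUTES disable, uint nDelPriv, IntPtr delPriv, uint nRestrict, IntPtr restrict, out IntPtr newTok);
    [DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)] public static extern bool CreateProcessAsUser(IntPtr tok,
        string app, string cmd, IntPtr pa, IntPtr ta, bool inherit, uint flags, IntPtr env, string dir, ref STARTUPINFO si, out PROCESS_INFORMATION pi);
}
"@

$AdminSidString = 'S-1-5-32-544'

function Get-GroupAttributes {
    # Walk the token's TokenGroups list and return the attribute flags of $SidString,
    # or $null if the SID is not present at all.
    param([IntPtr]$Token, [string]$SidString)
    $needed = [uint32]0
    [void][RT]::GetTokenInformation($Token, [RT]::TokenGroups, [IntPtr]::Zero, 0, [ref]$needed)
    $buf = [Runtime.InteropServices.Marshal]::AllocHGlobal([int]$needed)
    $sid = [IntPtr]::Zero
    try {
        if (-not [RT]::GetTokenInformation($Token, [RT]::TokenGroups, $buf, $needed, [ref]$needed)) { throw 'GetTokenInformation failed' }
        if (-not [RT]::ConvertStringSidToSid($SidString, [ref]$sid)) { throw 'ConvertStringSidToSid failed' }
        $count = [Runtime.InteropServices.Marshal]::ReadInt32($buf)          # TOKEN_GROUPS.GroupCount
        $size  = [Runtime.InteropServices.Marshal]::SizeOf([RT+SID_AND_ATTRIBUTES])
        $base  = $buf.ToInt64() + [IntPtr]::Size                              # Groups[] follows GroupCount, pointer-aligned
        for ($i = 0; $i -lt $count; $i++) {
            $e = [Runtime.InteropServices.Marshal]::PtrToStructure([IntPtr]($base + $i * $size), [RT+SID_AND_ATTRIBUTES])
            if ([RT]::EqualSid($e.Sid, $sid)) { return $e.Attributes }
        }
        return $null
    } finally {
        [Runtime.InteropServices.Marshal]::FreeHGlobal($buf)
        if ($sid -ne [IntPtr]::Zero) { [void][RT]::LocalFree($sid) }
    }
}

function Test-AdminDenyOnly {
    # Step 2 counterpart: a filtered token does not drop Administrators, it keeps the
    # group with SE_GROUP_USE_FOR_DENY_ONLY set, so that is the flag to look for.
    param([IntPtr]$Token)
    $attrs = Get-GroupAttributes $Token $AdminSidString
    return ($null -ne $attrs) -and (($attrs -band [RT]::SE_GROUP_USE_FOR_DENY_ONLY) -ne 0)
}

function New-TokenWithoutAdmins {
    # Step 3 counterpart: CreateRestrictedToken with S-1-5-32-544 in SidsToDisable.
    param([IntPtr]$Token)
    $sid = [IntPtr]::Zero
    if (-not [RT]::ConvertStringSidToSid($AdminSidString, [ref]$sid)) { throw 'ConvertStringSidToSid failed' }
    $disable = New-Object 'RT+SID_AND_ATTRIBUTES'
    $disable.Sid = $sid
    $newTok = [IntPtr]::Zero
    $ok = [RT]::CreateRestrictedToken($Token, 0, 1, [ref]$disable, 0, [IntPtr]::Zero, 0, [IntPtr]::Zero, [ref]$newTok)
    [void][RT]::LocalFree($sid)
    if (-not $ok) { throw "CreateRestrictedToken failed: $([Runtime.InteropServices.Marshal]::GetLastWin32Error())" }
    return $newTok
}

function Start-ProcessWithToken {
    # Step 4 counterpart: create the process with the filtered token from the start
    # rather than replacing the primary token of a process that is already running.
    # No SeAssignPrimaryTokenPrivilege is needed for a restricted version of the caller's own token.
    param([IntPtr]$Token, [string]$CommandLine)
    $si = New-Object 'RT+STARTUPINFO'
    $si.cb = [Runtime.InteropServices.Marshal]::SizeOf($si)
    $pi = New-Object 'RT+PROCESS_INFORMATION'
    $ok = [RT]::CreateProcessAsUser($Token, $null, $CommandLine, [IntPtr]::Zero, [IntPtr]::Zero, $false, 0, [IntPtr]::Zero, $null, [ref]$si, [ref]$pi)
    if (-not $ok) { throw "CreateProcessAsUser failed: $([Runtime.InteropServices.Marshal]::GetLastWin32Error())" }
    [void][RT]::WaitForSingleObject($pi.hProcess, 0xFFFFFFFF)
    [void][RT]::CloseHandle($pi.hThread); [void][RT]::CloseHandle($pi.hProcess)
    return $pi.dwProcessId
}

$tok = [IntPtr]::Zero
if (-not [RT]::OpenProcessToken([RT]::GetCurrentProcess(), [RT]::TOKEN_ALL_ACCESS, [ref]$tok)) { throw 'OpenProcessToken failed' }
if (Test-AdminDenyOnly $tok) {
    Write-Host 'Current token already has Administrators deny-only; nothing to filter.'
} else {
    $filtered = New-TokenWithoutAdmins $tok
    Write-Host "Filtered token has Administrators deny-only: $(Test-AdminDenyOnly $filtered)"
    # whoami /groups in the child lists BUILTIN\Administrators as 'Group used for deny only'
    Start-ProcessWithToken $filtered "$env:SystemRoot\System32\whoami.exe /groups" | Out-Null
    [void][RT]::CloseHandle($filtered)
}
[void][RT]::CloseHandle($tok)
```

The check in Test-AdminDenyOnly deliberately does not use IsTokenRestricted: that function only reports whether a token carries restricting SIDs, and a token whose Administrators group was merely disabled has none, so it would answer "not restricted" even after the filtering step.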