This is what I was talking about...
if you right click on a program, or shift right click depending... you get the option, "Run As". if you select that, you are given a dialog. in that dialog you can specify the account to use to run the program. if you use an admin network/local credential, they run as that account. so, let say you have user1 (local machine account) and net_user1 (Domain Account) who are both member of the Local machine group called Administrators. Then lets say you have a program called APP1. This app requires access to files in %systemroot%, which is protected, so when you launch the program as a non admin user, you will get an error. If you run it as an admin, you will not get an error. This is what I was describing you in my previous post.
If you run Filemon, as an admin, when the non admin is logged on, you will see access Denied errors in several things. These should be the files that the user can not access.
If you go to the specific file, and right click it, then select properties, you should be given window with several tabs on it. Select the security tab. in the middle of the window is an add button, click that and then in the new box, type Authenticated users and then click apply. if you spell it wrong, then it will tell you it can't find it. Also check to see if you are looking at local machine versus domain.
This should allow you to do what you need. Hope it helps.