First, thanks to arcker for his Services UDF for making this possible. It works like this:
When launched, the app will install itself as a service, launch the service, then exit. The service runs in the SYSTEM account. To interact with the desktop of the currently logged on user it will get the security information from the winlogon.exe token and the user's environment from the explorer.exe token. The service will relaunch the app with these security settings and environment, then stop.