How does each sandbox work?

I read in one of the stickies about the Partially Limited sandbox doing this:

Unrecognised software is automatically sandboxed using the partially limited policy by default is restricted as follows. It cannot: write to (ie infect) existing protected files or registry keys drop files in protected directories take some admin privileges (e.g. Debugging and driver loading) key log or screen grab by most known techniques set windows hooks without asking access protected COM interfaces without asking access non-sandboxed applications in memory access the internet without asking.

What does Limited add? Restricted? Untrusted?

They are very vague descriptions in the program “some of the operating systems security.” I’m looking for more specific. The explanation for Partially Limited above is perfect and what I’m looking for but for each step.

Have you read this it might help explain a little.

Those help but I’m looking for details and specifics like in the original post.