What actually happens when you add a user to an Administrator Role Separation role?

The configuration adds entries to the following registry subkey:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\control\lsa\rodcroles

• Name: 544
• Data type: REG_MULTI_SZ
• Value: S-1-5-21-760266474-1386482297-4237089879-1107

The role is denoted by the entry name—544, for example, is the well known RID for the builtin\administrators group. Then, each value represents the security identifier (SID) of a user who has been assigned to the role.