How to run a process as non-admin from an elevated PowerShell console?


You can specify the TrustLevel with runas.exe, effectively running "restricted":

runas /trustlevel:0x20000 "powershell.exe -command 'whoami /groups |clip'"

You should see in the output from whoami that the Administrators group in your token is marked as "Used for Deny only".
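To make the whoami check above repeatable, the following added example (not part of the original answer) reports whether the current process token is elevated. Run it inside the process that was launched. The function name `Get-TokenElevationSummary` is hypothetical, and the deny-only match assumes English-language whoami output.

```powershell
# Added example: summarise the elevation state of the current process token.
# Assumption: whoami.exe prints its attribute text in English.
function Get-TokenElevationSummary {
    [CmdletBinding()]
    param()

    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = [Security.Principal.WindowsPrincipal]::new($identity)

    # False when the Administrators SID is absent from the token or deny-only.
    $isAdmin = $principal.IsInRole(
        [Security.Principal.WindowsBuiltInRole]::Administrator)

    # /fo csv /nh yields headerless CSV, so the column names are supplied here
    # and do not depend on the display language.
    $groups = whoami.exe /groups /fo csv /nh |
        ConvertFrom-Csv -Header 'Name', 'Type', 'Sid', 'Attributes'

    # S-1-5-32-544 is the well-known SID of BUILTIN\Administrators.
    $adminGroup = $groups | Where-Object Sid -eq 'S-1-5-32-544'

    # Mandatory label SIDs (S-1-16-<RID>) carry the integrity level.
    $labelNames = @{
        'S-1-16-4096'  = 'Low'
        'S-1-16-8192'  = 'Medium'
        'S-1-16-12288' = 'High'
        'S-1-16-16384' = 'System'
    }
    $label = $groups | Where-Object Sid -like 'S-1-16-*' | Select-Object -First 1
    $integrity = 'Unknown'
    if ($label) {
        $integrity = $label.Sid
        if ($labelNames.ContainsKey($label.Sid)) { $integrity = $labelNames[$label.Sid] }
    }

    [pscustomobject]@{
        User               = $identity.Name
        ProcessId          = $PID
        IsInAdminRole      = $isAdmin
        AdminGroupPresent  = [bool]$adminGroup
        AdminGroupDenyOnly = [bool]($adminGroup -and
                                    $adminGroup.Attributes -match 'deny only')
        IntegrityLevel     = $integrity
    }
}

Get-TokenElevationSummary | Format-List
```

`IsInAdminRole` being `False` is the language-independent signal; `AdminGroupDenyOnly` mirrors the "Used for Deny only" line described above.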



When you dig into this problem, as mentioned by the linked tasks, there is no way to run a UAC "non" elevated process from an elevated process. Since this is exactly what I required and the runas solution didn't work for me, I converted the code workaround supplied by Microsoft to use a scheduled task to start a "non" elevated process.

Example of running powershell.exe as a "non" elevated process from an elevated PowerShell prompt:

$apppath = "powershell.exe"
$taskname = "Launch $apppath"
$action = New-ScheduledTaskAction -Execute $apppath
$trigger = New-ScheduledTaskTrigger -Once -At (Get-Date)
Register-ScheduledTask -Action $action -Trigger $trigger -TaskName $taskname | Out-Null
Start-ScheduledTask -TaskName $taskname
Start-Sleep -s 1
Unregister-ScheduledTask -TaskName $taskname -Confirm:$false

The above PowerShell commands work only on Windows Server 2012 / Windows 8 and greater.

Or you can use the SCHTASKS.EXE application instead to cover most versions of Windows:

$apppath = "powershell.exe"
$taskname = "Launch $apppath"
schtasks /create /SC ONCE /ST 23:59 /TN $taskname /TR $apppath
schtasks /run /tn $taskname
Start-Sleep -s 1
schtasks /delete /tn $taskname /F


You can run a non-admin process from an elevated session by passing in the credential of the user you want to run as. You can use Get-Credential if you want to run interactively, or you can use Import-Clixml or SecretStore or some other established mechanism for storing and retrieving credentials if you want a script to run unattended. E.g.:

$credential = Get-Credential -UserName $Env:USERNAME
# or
$credential = Import-Clixml -Path 'C:\MyCredential.cred'
Start-Process -FilePath pwsh.exe -ArgumentList '-noprofile' -Credential $credential -Wait