Geek Answers Handbook

How to start a process as a non-admin from an elevated PowerShell console?

Maybe there is a way to do this with the Start-Process cmdlet, which I cannot find? Another related Q / AI found in StackOverflow, such as this , this, and this , all gives a decision to do this using special C # code. My question in particular is is there an easy way to do this in PowerShell? those. You are in an elevated PS console and want to start the process as a non-admin.

+5
source share
3 answers

You can specify TrustLevel using runas.exe , effectively launching "limited"

 runas /trustlevel:0x20000 "powershell.exe -command 'whoami /groups |clip'"

You should see at the exit from whoami that the Administrators group in your token is marked as "Used only for refusal"

enter image description here

+8
source

When you delve into this problem, as mentioned by related tasks, there is no way to start the UAC โ€œnoโ€ elevated process from the elevated process. Since this is exactly what I need, and the runas solution did not work for me, I reworked a workaround for the code provided by Microsoft to use the scheduled task to run the โ€œnotโ€ elevated process.

An example of starting powershell.exe as an โ€œnotโ€ elevated process from an elevated prompt:

 $apppath = "powershell.exe" $taskname = "Launch $apppath" $action = New-ScheduledTaskAction -Execute $apppath $trigger = New-ScheduledTaskTrigger -Once -At (Get-Date) Register-ScheduledTask -Action $action -Trigger $trigger -TaskName $taskname | Out-Null Start-ScheduledTask -TaskName $taskname Start-Sleep -s 1 Unregister-ScheduledTask -TaskName $taskname -Confirm:$false

The above powershell commands only work on Windows Server 2012 / Windows 8 and above.

Or you can use SCHTASKS.EXE instead to cover most versions of windows:

 $apppath = "powershell.exe" $taskname = "Launch $apppath" schtasks /create /SC ONCE /ST 23:59 /TN $taskname /TR $apppath schtasks /run /tn $taskname Start-Sleep -s 1 schtasks /delete /tn $taskname /F
+2
source

in start-process there is a runas switch like

 start-process powershell -verb runAs

but still uac will check you, if you have to bypass uac on your uac system first, there are many ways to bypass uac, but all paths do not work in all windows, such as windows 8, if you write a script to start the process, then compile exe , you can use a program like runasadmin to run as the administrator of your exe on the system, but still does not work on Windows 8

-4
source

More articles:


All Articles