Maybe there is a way to do it with Start-Process cmdlet that I cannot find? The other related Q/A's I found on StackOverflow such as this, this and this all give a solution to do this with a custom C# code. My question is specifically, is there any straightforward way to do this in PowerShell? i.e. you are in an elevated PS console and want to run a process as non-admin.
You can specify the TrustLevel
with runas.exe
, effectively running "restricted"
runas /trustlevel:0x20000 "powershell.exe -command 'whoami /groups |clip'"
You should see in the output from whoami
that the Administrators
group in your token is marked as "Used for Deny only"
When you dig into this problem, as mentioned by the linked tasks, there is no way to run a UAC "non" elevated process from a elevated process. Since this is exactly what I required and the runas solution didn't work for me I converted the code workaround supplied by Microsoft to use a scheduled task to Start a "non" elevated process.
Example of running powershell.exe as a "non" elevated process from a elevated powershell prompt:
$apppath = "powershell.exe"
$taskname = "Launch $apppath"
$action = New-ScheduledTaskAction -Execute $apppath
$trigger = New-ScheduledTaskTrigger -Once -At (Get-Date)
Register-ScheduledTask -Action $action -Trigger $trigger -TaskName $taskname | Out-Null
Start-ScheduledTask -TaskName $taskname
Start-Sleep -s 1
Unregister-ScheduledTask -TaskName $taskname -Confirm:$false
The above powershell commands only work on Windows Server 2012 / Windows 8 and greater only.
Or you can use the SCHTASKS.EXE application instead to cover most versions of windows:
$apppath = "powershell.exe"
$taskname = "Launch $apppath"
schtasks /create /SC ONCE /ST 23:59 /TN $taskname /TR $apppath
schtasks /run /tn $taskname
Start-Sleep -s 1
schtasks /delete /tn $taskname /F
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With