How to run a process as non-admin from an elevated PowerShell console?

前端 未结 4 1709
孤独总比滥情好
孤独总比滥情好 2021-02-05 13:51

Maybe there is a way to do it with Start-Process cmdlet that I cannot find? The other related Q/A\'s I found on StackOverflow such as this, this and this all give a solution to

相关标签:
4条回答
  • 2021-02-05 14:19

    Another, limited, way: Make Windows Explorer launch it for you

    PS C:\> explorer.exe "C:\windows\system32\cmd.exe"
    

    Just use the full path and extension. But it does NOT accept parameters.

    I tried creating a batch file. But explorer refuses to launch .BAT or .CMD.

    0 讨论(0)
  • 2021-02-05 14:28

    When you dig into this problem, as mentioned by the linked tasks, there is no way to run a UAC "non" elevated process from a elevated process. Since this is exactly what I required and the runas solution didn't work for me I converted the code workaround supplied by Microsoft to use a scheduled task to Start a "non" elevated process.

    Example of running powershell.exe as a "non" elevated process from a elevated powershell prompt:

    $apppath = "powershell.exe"
    $taskname = "Launch $apppath"
    $action = New-ScheduledTaskAction -Execute $apppath
    $trigger = New-ScheduledTaskTrigger -Once -At (Get-Date)
    Register-ScheduledTask -Action $action -Trigger $trigger -TaskName $taskname | Out-Null
    Start-ScheduledTask -TaskName $taskname
    Start-Sleep -s 1
    Unregister-ScheduledTask -TaskName $taskname -Confirm:$false
    

    The above powershell commands only work on Windows Server 2012 / Windows 8 and greater only.

    Or you can use the SCHTASKS.EXE application instead to cover most versions of windows:

    $apppath = "powershell.exe"
    $taskname = "Launch $apppath"
    schtasks /create /SC ONCE /ST 23:59 /TN $taskname /TR $apppath
    schtasks /run /tn $taskname
    Start-Sleep -s 1
    schtasks /delete /tn $taskname /F
    
    0 讨论(0)
  • 2021-02-05 14:30

    in start-process exist switch runas like

    start-process powershell -verb runAs
    

    but still uac check you if in your system uac on you should first bypass uac there are many way exist for bypass uac but all ways doesn't work in all windows like windows 8 if you write script for run process then compile to exe you can use program like runasadmin for run as admin your exe in system but still not work in windows 8

    0 讨论(0)
  • You can specify the TrustLevel with runas.exe, effectively running "restricted"

    runas /trustlevel:0x20000 "powershell.exe -command 'whoami /groups |clip'"
    

    You should see in the output from whoami that the Administrators group in your token is marked as "Used for Deny only"


    enter image description here

    0 讨论(0)
提交回复
热议问题