Maybe there is a way to do it with Start-Process cmdlet that I cannot find? The other related Q/A\'s I found on StackOverflow such as this, this and this all give a solution to
Another, limited, way: Make Windows Explorer launch it for you
PS C:\> explorer.exe "C:\windows\system32\cmd.exe"
Just use the full path and extension. But it does NOT accept parameters.
I tried creating a batch file. But explorer refuses to launch .BAT
or .CMD
.
When you dig into this problem, as mentioned by the linked tasks, there is no way to run a UAC "non" elevated process from a elevated process. Since this is exactly what I required and the runas solution didn't work for me I converted the code workaround supplied by Microsoft to use a scheduled task to Start a "non" elevated process.
Example of running powershell.exe as a "non" elevated process from a elevated powershell prompt:
$apppath = "powershell.exe"
$taskname = "Launch $apppath"
$action = New-ScheduledTaskAction -Execute $apppath
$trigger = New-ScheduledTaskTrigger -Once -At (Get-Date)
Register-ScheduledTask -Action $action -Trigger $trigger -TaskName $taskname | Out-Null
Start-ScheduledTask -TaskName $taskname
Start-Sleep -s 1
Unregister-ScheduledTask -TaskName $taskname -Confirm:$false
The above powershell commands only work on Windows Server 2012 / Windows 8 and greater only.
Or you can use the SCHTASKS.EXE application instead to cover most versions of windows:
$apppath = "powershell.exe"
$taskname = "Launch $apppath"
schtasks /create /SC ONCE /ST 23:59 /TN $taskname /TR $apppath
schtasks /run /tn $taskname
Start-Sleep -s 1
schtasks /delete /tn $taskname /F
in start-process
exist switch runas
like
start-process powershell -verb runAs
but still uac check you if in your system uac on you should first bypass uac there are many way exist for bypass uac but all ways doesn't work in all windows like windows 8 if you write script for run process then compile to exe you can use program like runasadmin for run as admin your exe in system but still not work in windows 8
You can specify the TrustLevel
with runas.exe
, effectively running "restricted"
runas /trustlevel:0x20000 "powershell.exe -command 'whoami /groups |clip'"
You should see in the output from whoami
that the Administrators
group in your token is marked as "Used for Deny only"