如何从提升的 PowerShell 控制台以非管理员身份运行进程？

Question

Maybe there is a way to do it with Start-Process cmdlet that I cannot find? The other related Q/A's I found on StackOverflow such as this , this and this all give a solution to do this with a custom C# code. My question is specifically, is there any straightforward way to do this in PowerShell? ie you are in an elevated PS console and want to run a process as non-admin.

Answer 1

You can specify the TrustLevel with runas.exe , effectively running "restricted"

runas /trustlevel:0x20000 "powershell.exe -command 'whoami /groups |clip'"

You should see in the output from whoami that the Administrators group in your token is marked as "Used for Deny only"

---

Answer 2

When you dig into this problem, as mentioned by the linked tasks, there is no way to run a UAC "non" elevated process from a elevated process. Since this is exactly what I required and the runas solution didn't work for me I converted the code workaround supplied by Microsoft to use a scheduled task to Start a "non" elevated process.

Example of running powershell.exe as a "non" elevated process from a elevated powershell prompt:

$apppath = "powershell.exe"
$taskname = "Launch $apppath"
$action = New-ScheduledTaskAction -Execute $apppath
$trigger = New-ScheduledTaskTrigger -Once -At (Get-Date)
Register-ScheduledTask -Action $action -Trigger $trigger -TaskName $taskname | Out-Null
Start-ScheduledTask -TaskName $taskname
Start-Sleep -s 1
Unregister-ScheduledTask -TaskName $taskname -Confirm:$false

The above powershell commands only work on Windows Server 2012 / Windows 8 and greater only.

Or you can use the SCHTASKS.EXE application instead to cover most versions of windows:

$apppath = "powershell.exe"
$taskname = "Launch $apppath"
schtasks /create /SC ONCE /ST 23:59 /TN $taskname /TR $apppath
schtasks /run /tn $taskname
Start-Sleep -s 1
schtasks /delete /tn $taskname /F

Answer 3

You can run a non-admin process from an elevated session by passing in the credential of the user you want to run as. You can use Get-Credential if you want to run interactively, or you can use Import-Clixml or SecretStore or some other established mechanism for storing and retrieving credentials if you want a script to run unattended. Eg:

$credential = Get-Credential -UserName $Env:USERNAME
# or
$credential = Import-Clixml -Path 'C:\MyCredential.cred'

Start-Process -FilePath pwsh.exe -ArgumentList '-noprofile' -Credential $credential -Wait

Answer 4

Another, limited, way: Make Windows Explorer launch it for you

PS C:\> explorer.exe "C:\windows\system32\cmd.exe"

Just use the full path and extension. But it does NOT accept parameters.

I tried creating a batch file. But explorer refuses to launch .BAT or .CMD .

Answer 5

in start-process exist switch runas like

start-process powershell -verb runAs

but still uac check you if in your system uac on you should first bypass uac there are many way exist for bypass uac but all ways doesn't work in all windows like windows 8 if you write script for run process then compile to exe you can use program like runasadmin for run as admin your exe in system but still not work in windows 8