Maybe there is a way to do it with Start-Process cmdlet that I cannot find? The other related Q/A's I found on StackOverflow such as this, this and this all give a solution to do this with a custom C# code. My question is specifically, is there any straightforward way to do this in PowerShell? i.e. you are in an elevated PS console and want to run a process as non-admin.
You can specify the TrustLevel
with runas.exe
, effectively running "restricted"
runas /trustlevel:0x20000 "powershell.exe -command 'whoami /groups |clip'"
You should see in the output from whoami
that the Administrators
group in your token is marked as "Used for Deny only"