How to run a process as non-admin from an elevated PowerShell console?

orad picture orad · Apr 10, 2015 · Viewed 8.9k times · Source

Maybe there is a way to do it with Start-Process cmdlet that I cannot find? The other related Q/A's I found on StackOverflow such as this, this and this all give a solution to do this with a custom C# code. My question is specifically, is there any straightforward way to do this in PowerShell? i.e. you are in an elevated PS console and want to run a process as non-admin.

Answer

Mathias R. Jessen picture Mathias R. Jessen · Apr 10, 2015

You can specify the TrustLevel with runas.exe, effectively running "restricted"

runas /trustlevel:0x20000 "powershell.exe -command 'whoami /groups |clip'"

You should see in the output from whoami that the Administrators group in your token is marked as "Used for Deny only"


enter image description here