How to run exe with/without elevated privileges from PowerShell

Question

I would like an easy way to run a process with different privileges from the same user without asking or knowing his/her password. A dialog is okay if necessary. I would prefer not to launch a PowerShell sub-process to accomplish this.

Scenario 1: PowerShell script is running in admin-mode. I want to launch a script or an .exe without admin privileges but on the same user.

Scenario 2: PowerShell script is running in normal mode. I want to launch a script or an .exe with admin privileges on the same user.

Is the user in question a member of the Administrators group? — Ansgar Wiechers, Mar 25 '15 at 22:20
in powershell version 4.0 you can `Start-Process S:\1.bat -Verb runas` and add credential for that but still need user has administrator privilage — Soheil, Mar 26 '15 at 00:11
Yes, for the purposes of this question, the user is an Administrator. The script is running with elevated privileges and I want to launch a process without the elevated privileges from the script. — alejandro5042, Mar 26 '15 at 14:44

score 18 · Accepted Answer · edited Nov 22 '17 at 14:44

Let's split this into three parts.

First determine if current session is running with admin privileges:

$CurrentID = [System.Security.Principal.WindowsIdentity]::GetCurrent()
$CurrentPrincipal = new-object System.Security.Principal.WindowsPrincipal($CurrentID)
$adminRole = [System.Security.Principal.WindowsBuiltInRole]::Administrator

# Check to see if session is currently with admin privileges

if ($CurrentPrincipal.IsInRole($adminRole)) {
    write-host "Yes we are running elevated."
}else{
    write-host "No this is a normal user session."
}

Now, if we are running with or without elevation, you can start a new process with elevated privileges like this:

$newProc = new-object System.Diagnostics.ProcessStartInfo "PowerShell"
# Specify what to run
$newProc.Arguments = "powershell.exe"
# If you set this, process will be elevated
$newProc.Verb = "runas"
[System.Diagnostics.Process]::Start($newProc)

And lastly, if we have elevated privileges, but would like to start a new process without...

I have no idea. Will have to try to find the answer to this, but as it is not a common scenario, I had no luck so far.

EDIT: I have now seen a couple of “solutions” for this scenario. There is no native way to do this in .NET/PowerShell. Some are quite complicated (Calls to some 12 COM objects). This vista-7-uac-how-to-lower-process-privileges is a good reference.

The one that seems most elegant to me, is exploiting a “bug” in explorer.exe. Just launch you .exe using explorer.exe and the resulting process runs without privilege elevation again.

$newProc = new-object System.Diagnostics.ProcessStartInfo "PowerShell"
# Specify what to run, you need the full path after explorer.exe
$newProc.Arguments = "explorer.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
[System.Diagnostics.Process]::Start($newProc)

EDIT #2: Another way I have just found to start a new non-elevated process from an already elevated environment is to use the runas.exe with the 0x20000 (Basic User) trust level:

C:\> runas /showtrustlevels The following trust levels are available on your system: 0x20000 (Basic User) C:\> runas /trustlevel:0x20000 devenv

Thanks! Here's a one-liner to find out if you're in an elevated session: $elevated = ([Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole]"Administrator") I'm most interested in the second case (elevated script running non-elevated exe) but I'm thankful for the opposite. That's really useful and I'll start using it. — alejandro5042, Mar 26 '15 at 14:47
Last resort, I can run my script in non-elevated mode, and then use your snippet to run a sub-section of it in elevated mode. — alejandro5042, Mar 26 '15 at 14:53
No problem. Glad it works. I have expanded the answer with the last scenario. I'ts not pretty, but seems to work. — Jan Chrbolka, Mar 27 '15 at 03:00
I do not think it is *"bug in explorer.exe"*. I believe it is just a side effect of how it works. For my understanding what does it do under the hood, see https://stackoverflow.com/q/63614641/850848#63615252 — Martin Prikryl, Aug 27 '20 at 14:51

score 0 · Answer 2 · edited Nov 09 '20 at 13:04

I use this as first command in all scripts that requires elevated mode, it transfer the script to another elevated process if I forgot to start up as Admin. You have to confirm so it's not suitable for automated tasks

If (-NOT ([Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole] "Administrator")) {   
    $arguments = "& '" + $myinvocation.mycommand.definition + "'"
    Start-Process powershell -Verb runAs -ArgumentList $arguments
    Break }

How to run exe with/without elevated privileges from PowerShell

2 Answers2

Linked