
I have a PowerShell script that runs as Administrator, and another script it calls that needs to not run as Administrator. I've used `Start-Process -FilePath "powershell.exe" -Verb runas` to elevate before, but how might I "unelevate" from a session already running as administrator?

I want to avoid third-party tools like psexec that this post uses. Ideally looking for a built-in PS function or PSSnapin.

The specific process requiring this "unelevated" session is seeing drives mounted by an administrator. According to this article UAC is the likely culprit. The solution proposed was running the following:

```powershell
# The registry provider needs a drive-qualified path (HKLM:\), not the bare hive name
New-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System' -Name EnableLinkedConnections -Value 1 -PropertyType DWord
```

However, the drives still do not show up when Get-PSDrive runs in an elevated session.

Spencer H
  • Possible duplicate of [How can I make PowerShell run a program as a standard user?](https://stackoverflow.com/questions/31449633/how-can-i-make-powershell-run-a-program-as-a-standard-user) – rpm192 Dec 11 '18 at 15:46
  • Something like: `Start-Process -FilePath "powershell.exe" -Credential ` – Jelphy Dec 11 '18 at 16:49
  • I tried this Start-Process concept but it is still running as administrator, despite the creds. – Spencer H Dec 11 '18 at 20:44
  • What problem are you solving that requires this? – Bill_Stewart Dec 11 '18 at 22:42
  • Trying to see a list of network drives mounted by the standard user. However, list must be seen as part of a larger script run as administrator. Running `mount` or `Get-PSDrive` from the administrator script does not show the expected drives. However, the drives show up when either of those commands is run with standard privileges. – Spencer H Dec 17 '18 at 20:11
  • I don't think that "un-elevating" will solve your problem. User drive mappings are stored in HKCU (not HKLM), so even if you "un-elevate," you will still be running as the user that was elevated (not the logged on user). – Bill_Stewart Dec 17 '18 at 21:21

1 Answer

You could try the built-in runas.exe for "unelevation", as in this answer: Batch file: Drop elevated privileges (run a command as original user)

```
runas /trustlevel:0x20000 "YourCommandHere"
```

montonero
  • With a general `YourCommandHere` (e.g. "timeout 10") this technique would work. However, my script looks at mapped network drives using `Get-PSDrive` (or the `mount` cmd.exe equivalent). I created a .bat file (that runs `mount`) for "YourCommandHere" but it did not show the expected drives. – Spencer H Dec 17 '18 at 20:15
  • It seems that your issue is not about "unelevation". Have you seen this https://superuser.com/questions/199387/elevated-command-line-prompt-cant-access-shared-drives ? – montonero Dec 18 '18 at 07:11
  • Similar issue, but I need to avoid mapping the shared drives again (just testing the mounting for the "unelevated" user succeeded). Interesting [article](https://learn.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/ee844140(v%3dws.10)) linked from that post with Microsoft's proposed solution. I tried creating a new registry key in `HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System` of `EnableLinkedConnections` as suggested in that article - but it hasn't improved results yet. – Spencer H Dec 18 '18 at 14:20
  • IIRC, `EnableLinkedConnections` requires a reboot to take effect. But as I noted previously, I don't think this solves your problem anyway because mapped drives are per-user. – Bill_Stewart Dec 20 '18 at 15:24
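
Following the point made in the comments that drive mappings are stored per user in HKCU, an elevated script can read the logged-on user's persistent mappings from that user's registry hive instead of un-elevating. This is an added example, not code from any poster in the thread; it assumes the standard user is the one logged on at the console, and the function names are hypothetical.

```powershell
# Added example (not from the thread). Run from the elevated script.
# Assumption: the standard user is the account logged on at the console.

function Get-ConsoleUserSid {
    # Win32_ComputerSystem.UserName is DOMAIN\user for the console session;
    # it is empty when nobody is logged on at the console (e.g. RDP-only).
    $name = (Get-CimInstance -ClassName Win32_ComputerSystem).UserName
    if (-not $name) { throw 'No console user is logged on.' }
    $account = New-Object System.Security.Principal.NTAccount($name)
    $account.Translate([System.Security.Principal.SecurityIdentifier]).Value
}

function Get-PersistentMappedDrive {
    param([Parameter(Mandatory)][string]$Sid)
    # Persistent mappings live under HKCU\Network\<letter>. From another
    # account the same hive is reachable as HKEY_USERS\<SID> while that
    # user is logged on (hive loaded).
    $root = "Registry::HKEY_USERS\$Sid\Network"
    if (-not (Test-Path -Path $root)) { return }
    Get-ChildItem -Path $root | ForEach-Object {
        $props = Get-ItemProperty -Path $_.PSPath
        [pscustomobject]@{
            Drive        = "$($_.PSChildName):"
            RemotePath   = $props.RemotePath
            ProviderName = $props.ProviderName
        }
    }
}

function Get-LinkedConnectionsSetting {
    # True only when the policy value exists and is set to 1.
    $key   = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    $value = Get-ItemProperty -Path $key -Name EnableLinkedConnections -ErrorAction SilentlyContinue
    [bool]($value -and $value.EnableLinkedConnections -eq 1)
}

$sid = Get-ConsoleUserSid
"EnableLinkedConnections set: $(Get-LinkedConnectionsSetting)"
Get-PersistentMappedDrive -Sid $sid | Format-Table -AutoSize
```

This lists only mappings saved as persistent (reconnect at sign-in); a drive mapped for the current session only is not recorded under `HKCU\Network`, and the registry entry does not show whether the share is currently connected.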