How to run exe with/without elevated privileges from PowerShell

Asked 25/3, 2015 at 21:12 Answered 9/11, 2020 at 13:0

I would like an easy way to run a process with different privileges from the same user without asking or knowing his/her password. A dialog is okay if necessary. I would prefer not to launch a PowerShell sub-process to accomplish this.

Scenario 1: PowerShell script is running in admin-mode. I want to launch a script or an .exe without admin privileges but on the same user.

Scenario 2: PowerShell script is running in normal mode. I want to launch a script or an .exe with admin privileges on the same user.

Vertex answered 25/3, 2015 at 21:12 Comment(3)

Is the user in question a member of the Administrators group? – Peonir 25/3, 2015 at 22:20

in powershell version 4.0 you can Start-Process S:\1.bat -Verb runas and add credential for that but still need user has administrator privilage – Peters 26/3, 2015 at 0:11

Yes, for the purposes of this question, the user is an Administrator. The script is running with elevated privileges and I want to launch a process without the elevated privileges from the script. – Vertex 26/3, 2015 at 14:44

Let's split this into three parts.

First determine if current session is running with admin privileges:

$CurrentID = [System.Security.Principal.WindowsIdentity]::GetCurrent()
$CurrentPrincipal = new-object System.Security.Principal.WindowsPrincipal($CurrentID)
$adminRole = [System.Security.Principal.WindowsBuiltInRole]::Administrator

# Check to see if session is currently with admin privileges

if ($CurrentPrincipal.IsInRole($adminRole)) {
    write-host "Yes we are running elevated."
}else{
    write-host "No this is a normal user session."
}

Now, if we are running with or without elevation, you can start a new process with elevated privileges like this:

$newProc = new-object System.Diagnostics.ProcessStartInfo "PowerShell"
# Specify what to run
$newProc.Arguments = "powershell.exe"
# If you set this, process will be elevated
$newProc.Verb = "runas"
[System.Diagnostics.Process]::Start($newProc)

And lastly, if we have elevated privileges, but would like to start a new process without...

I have no idea. Will have to try to find the answer to this, but as it is not a common scenario, I had no luck so far.

EDIT: I have now seen a couple of “solutions” for this scenario. There is no native way to do this in .NET/PowerShell. Some are quite complicated (Calls to some 12 COM objects). This vista-7-uac-how-to-lower-process-privileges is a good reference.

The one that seems most elegant to me, is exploiting a “bug” in explorer.exe. Just launch you .exe using explorer.exe and the resulting process runs without privilege elevation again.

$newProc = new-object System.Diagnostics.ProcessStartInfo "PowerShell"
# Specify what to run, you need the full path after explorer.exe
$newProc.Arguments = "explorer.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
[System.Diagnostics.Process]::Start($newProc)

EDIT #2: Another way I have just found to start a new non-elevated process from an already elevated environment is to use the runas.exe with the 0x20000 (Basic User) trust level:

C:\> runas /showtrustlevels The following trust levels are available on your system: 0x20000 (Basic User) C:\> runas /trustlevel:0x20000 devenv

Plumbaginaceous answered 26/3, 2015 at 5:8 Comment(4)

Thanks! Here's a one-liner to find out if you're in an elevated session: $elevated = ([Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole]"Administrator") I'm most interested in the second case (elevated script running non-elevated exe) but I'm thankful for the opposite. That's really useful and I'll start using it. – Vertex 26/3, 2015 at 14:47

Last resort, I can run my script in non-elevated mode, and then use your snippet to run a sub-section of it in elevated mode. – Vertex 26/3, 2015 at 14:53

No problem. Glad it works. I have expanded the answer with the last scenario. I'ts not pretty, but seems to work. – Plumbaginaceous 27/3, 2015 at 3:0

I do not think it is "bug in explorer.exe". I believe it is just a side effect of how it works. For my understanding what does it do under the hood, see https://mcmap.net/q/104832/-how-to-open-a-web-site-after-uninstallation-in-non-elevated-mode/850848#63615252 – Kimbell 27/8, 2020 at 14:51

I use this as first command in all scripts that requires elevated mode, it transfer the script to another elevated process if I forgot to start up as Admin. You have to confirm so it's not suitable for automated tasks

If (-NOT ([Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole] "Administrator")) {   
    $arguments = "& '" + $myinvocation.mycommand.definition + "'"
    Start-Process powershell -Verb runAs -ArgumentList $arguments
    Break }

Marco answered 9/11, 2020 at 13:0 Comment(0)

Recommended topics

Hot tags