4
2
Is it possible to run a command without elevated privileges from batch file that was run with elevated privileges?
4
2
Is it possible to run a command without elevated privileges from batch file that was run with elevated privileges?
4
This seems to work.
runas /trustlevel:0x20000 <program>
(elevation privilege can be tested in a batch file like this)
I got the hint from runas /?
where it says
/showtrustlevels displays the trust levels that can be used as arguments
to /trustlevel.
/trustlevel <Level> should be one of levels enumerated
in /showtrustlevels.
runas /showtrustlevels
outputs
The following trust levels are available on your system:
0x20000 (Basic User)
I haven't any deeper understanding but it seems to do the job.
Welp, turns out that this is causing issues, at least for me.
My purpose involved launching Chrome but all pages crash and fail to load.
Another issue is I can't drag-n-drop items to and from applications launched this way and the normal way.
Task Scheduler is another way. It doesn't cause above mentioned issues. Although you have to create specific tasks in advance.
2
I found two ways of doing this:
First one requires Nirsoft's RunFromProcess.exe program. Assuming the process explorer.exe is not running elevated, this will work:
runfromprocess explorer.exe cmd.exe /k pushd %temp%
or
runfromprocess explorer.exe "C:\full path\to\bat\file.bat
A better way to do it is to use the program DeElevate.exe from Stardock:
DeElevate.exe "C:\full path\to\bat\file.bat" ["parameters"]
or
DeElevate.exe "C:\full path\to\program.exe" ["parameters"]
for example, this will work:
DeElevate.exe cmd.exe "/k pushd %temp%"
You can found the program DeElevate.exe as part of the Groupy application:
http://storage.stardock.com/files/current/Groupy-sd-setup.exe
after installing it (preferably in a sandbox or in a virtual machine) you will only need the files DeElevate64.exe, DeElevator64.dll from the directory "C:\Program Files (x86)\Stardock\Groupy\" if your system is 64 bits or the files DeElevate.exe, DeElevator.dll from "C:\Program Files\Stardock\Groupy\" if your system is 32 bits.
I could not get the first suggested answer to work but this worked famously. The stardock files also come with their ObjectDock product which is installed on the machine that needs this feature – FocusWiz – 2019-05-05T23:51:13.687
You can also just
runas
a different user. – Ramhound – 2015-02-24T18:48:50.833