8

Is it possible to run a command without elevated privileges from batch file that was run with elevated privileges?

laggingreflex
  • 5,035
  • 17
  • 65
  • 96

4 Answers4

6

This seems to work.

runas /trustlevel:0x20000 <program>

(elevation privilege can be tested in a batch file like this)

I got the hint from runas /? where it says

/showtrustlevels  displays the trust levels that can be used as arguments 
                   to /trustlevel.
/trustlevel       <Level> should be one of levels enumerated 
                   in /showtrustlevels.

runas /showtrustlevels outputs

The following trust levels are available on your system:
0x20000 (Basic User)

I haven't any deeper understanding but it seems to do the job.

Welp, turns out that this is causing issues, at least for me.
My purpose involved launching Chrome but all pages crash and fail to load.
Another issue is I can't drag-n-drop items to and from applications launched this way and the normal way.

Task Scheduler is another way. It doesn't cause above mentioned issues. Although you have to create specific tasks in advance.

Community
  • 1
laggingreflex
  • 5,035
  • 17
  • 65
  • 96
  • 1
    This method does not seem to work. Process started this way still shows `Yes` in the `Elevated` property shown in Task Manager > Details tab (Windows 10 21H1). --- Starting the process through `explorer.exe` works. See the answer by g.pickardou below: https://superuser.com/a/1626422/61370 – pabouk - Ukraine stay strong Mar 11 '22 at 09:36
  • I think this works, at least on Windows 7: the process is still "elevated", but running with restricted privleges - this can be checked by running `whoami /priv`. However, a problem I ran into with using `runas.exe` in a script is that it returned exit code 1 when the target program returned 0. – EM0 Apr 28 '23 at 19:49
5

I've tried explorer <full path to command to execute> and it works.

My idea was: Somewhen before I've tried to run explorer elevated from and elevated prompt without success. Also when I tried to create a shortcut to explorer, the Run As Admin was grayed.

I thought here is the time to turn explorer's behavior to a benefit.

g.pickardou
  • 349
  • 4
  • 14
  • 28
  • 2
    When you do `explorer path`, and any `explorer` process is already running, the new instance only asks the existing process to open the path in new window and exits. As you always have an unelevated `explorer` process running (the Desktop), this effectively means that `explorer path` results in unelevated window. And actually if there's no existing `explorer` process (you have killed the Desktop) and `explorer` was started elevated, the elevated `explorer` starts unelevated `explorer` and exits. You basically never have more instances of `explorer` running in parallel. – Martin Prikryl Feb 16 '21 at 08:44
  • Many thx for the explanation. – g.pickardou Feb 17 '21 at 06:43
3

I found two ways of doing this:

First one requires Nirsoft's RunFromProcess.exe program. Assuming the process explorer.exe is not running elevated, this will work:

runfromprocess explorer.exe cmd.exe /k pushd %temp%

or

runfromprocess explorer.exe "C:\full path\to\bat\file.bat

A better way to do it is to use the program DeElevate.exe from Stardock:

DeElevate.exe "C:\full path\to\bat\file.bat" ["parameters"]

or

DeElevate.exe  "C:\full path\to\program.exe" ["parameters"]

for example, this will work:

DeElevate.exe cmd.exe "/k pushd %temp%"

You can found the program DeElevate.exe as part of the Groupy application:

http://storage.stardock.com/files/current/Groupy-sd-setup.exe

after installing it (preferably in a sandbox or in a virtual machine) you will only need the files DeElevate64.exe, DeElevator64.dll from the directory "C:\Program Files (x86)\Stardock\Groupy\" if your system is 64 bits or the files DeElevate.exe, DeElevator.dll from "C:\Program Files\Stardock\Groupy\" if your system is 32 bits.

liamZ
  • 121
  • 1
  • 12
  • I could not get the first suggested answer to work but this worked famously. The stardock files also come with their ObjectDock product which is installed on the machine that needs this feature – FocusWiz May 05 '19 at 23:51
  • I used the runfromprocess nircmd app, with explorer.exe as proxy, and it worked perfectly. I have been searching far and wide before finding this, trying to find a way to launch something unelevated from a process that is elevated without being forced to have user credentials in clear text. – Karlsson Sep 12 '20 at 06:40
0

The only way that works for me without using any third party software is by using task scheduler.

  1. Create a new task for running the command.
  2. Do not to tick "Run with highest privileges".
  3. Specify your command in the actions tab
  4. Then from the elevated command prompt, execute: schtasks /Run /TN YourTaskName
Mob Code 100
  • 1
  • 1