Batch file: Drop elevated privileges (run a command as original user)

1. It's still a privileged program (though restricted) in Task Manager by using this command:

   runas /trustlevel:0x20000 <cmd>
   

2. You can try the other way, which will make it unprivileged in Task Manager:

   runas /savecred /user:%username% <cmd>
   

   You still need to enter the password once but not every time.

3. Use explorer.exe to launch the program:

   explorer.exe <cmd>
   

   explorer.exe won't accept arguments for cmd, but you can create a temp script file and lauch it by explorer.exe if arguments are necessary.

You can run a command with restricted privileges with:

runas /trustlevel:0x20000 "YourCommandHere"

You should provide the absolute path to your command including any arguments in double quotes as an argument to runas.

If you would like to run more than one command with restricted privileges, you can put them in a separate batch file and run it with:

runas /trustlevel:0x20000 "cmd /C PathToYourBatchFile"

Anyway, this will open a new console with restricted privileges. You also have to use this syntax whenever you wish to run with restricted privileges an internal command (like copy, del, etc.) as these are provided by the command line interpreter and do not have an associated path.

Note that 0x20000 is the trust level of standard users. You can list other available trust levels by running

runas /showtrustlevels