How to run a process as non-admin from an elevated PowerShell console?

Question

Maybe there is a way to do it with Start-Process cmdlet that I cannot find? The other related Q/A\'s I found on StackOverflow such as this, this and this all give a solution to

Answer 1

You can specify the TrustLevel with runas.exe, effectively running "restricted"

runas /trustlevel:0x20000 "powershell.exe -command 'whoami /groups |clip'"

You should see in the output from whoami that the Administrators group in your token is marked as "Used for Deny only"

---