How to launch an un-elevated process from an elevated process - James Finnigan - Site Home

Update: Please refer to Aaron's FAQ which is being maintained while this post has grown stale

This question has come up a fair amount lately. The short answer is that you don't* - instead you should:

first launch an unelevated process
have that unelevated process launch an elevated process and wait for it to finish (or use some form of IPC)
have that unelevated process then do what you wanted the elevated process to un-elevate and do

OK, but why? When you elevated there's a good chance that you also changed users. If you simply had a way to generate the split token associated with the elevated user, then you would be running as the wrong user.

This is all documented, of course, in the Windows Vista Application Development Requirements for User Account Control Compatibility document (I hate sentence names).

* Caveat: There is still a way to launch a process as that original user with the split token - use task scheduler (see the linked document for the source code). I don't recommend using task scheduler (I recommend the process above), but there are times when your choices are limited.