Run Commands as Administrator in Windows Command Line or PowerShell

There are lots of limitations when trying to troubleshoot end user computer. I have to log in with their normal user account and see what is happening to their machine. At the same time, I have to use some command line to run some commands from CMD or PowerShell as admin.

Unfortunately, Group Policy has disabled to use admin mode for CMD and PowerShell:

The error message is what I got is when I tried to run them as admin:
"This app has been blocked by your system administrator. Contact your system administrator for more info."

How to force application to run without elevation on Windows 10/8/7/Vista

There are some programs that by default requires from the user to execute them with Administrator privileges (Also known as Elevation or 'Run As Administrator'). For example, RegEdit.exe of Windows operating system always requires to run it as Administrator.

However, it's possible to force a program that requires elevation to run without elevation.
Here's 4 different ways to run a program without elevation:

1. You can set the __COMPAT_LAYER variable to RunAsInvoker and then run the desired program, for example:
   cmd.exe /c "set __COMPAT_LAYER=RunAsInvoker && regedit.exe"
2. You can use the AdvancedRun tool - in the 'Run As' combo-box you have to choose 'Current User - Without UAC Elevation'
3. You can use the AppCompatibilityView tool if you want to always run a specific .exe file without elevation. You have to add the .exe file by dragging it to the AppCompatibilityView window and then choose - Add Compatibility Option -> Run As Invoker.
4. Use the RunWithoutElevation tool to run without elevation from command-line, for example:
   RunWithoutElevation.exe regedit.exe

Notepad a.bat file to add following commands to run 7zip's installation file. 

Set __COMPAT_LAYER=RunAsInvoker
Start 7z2301-x64.exe

Double click the bat file to run it. Then you will be prompted a Destination Folder window to install your 7zip file. Please make sure selecting some folders you have permission to write the files into, not "program files".

From CMD to Run CMD and Powershell as Administrator

Here is my way to get this working for cmd or PowerShell:
1. For CMD, use runas :
runas /user:netsecadmin@itprosec.com cmd

C:\Users\netsec>runas /user:netsecadmin@itprosec.com cmd
Enter the password for netsecadmin@itprosec.com:
Attempting to start cmd as user "netsecadmin@itprosec.coma" ...

C:\Users\netsec>

2. For PowerShell,
from method 1 opened CMD (runas) windows, directly run PowerShell

C:\windows\system32>powershell
Windows PowerShell
Copyright (C) Microsoft Corporation. All rights reserved.
Try the new cross-platform PowerShell https://aka.ms/pscore6

PS C:\windows\system32>

Commands in CMD

Once you are in admin CMD or Powershell mode, you can launch following programs in admin mode to do further troubleshooting:

• MMC
• Regedit
• secpol.msc
• eventvwr 
• systeminfo
• optionalfeatures - Turn Windows features on or off
• compmgmt.msc - Computer Management
• sysdm.cpl - System Properties
• %windir%\system32\WindowsSandbox.exe

More commands can be found from msconfig -> Tools window:

For example: check remote system's boot time:

SystemInfo /s Remote_Computer | find "Boot Time:"

Runas /profile /user:51sec\user2 "mmc %windir%\system32\dsa.msc"

Video

How to Install or Run Any Program Bypassing UAC Prompt Without Admin Rights

References

• How User Account Control works
• How to Turn User Account Control On or Off in Windows 10 and later