I have an application which needs to run As Admin. - no problems with this.
This app sometimes needs to launch a secondary application, however this second application inherits the "Run as Admin" elevated status from the parent application. I don't want this, I would like to launch the second application with the same rights as would be granted when not launching "As Admin"
I can find many articles for this scenario the other way round, but none for lowering access rights.
Is this possible?
This MSDN post redirected me to this SO question
It proposes the following since starting a non-elevated process from an elevate is error-prone:
Your app initially starts as non-elevated application, and its manifest has asInvoker
level.
When it starts, it restarts itself with elevated privileges using runas
verb, and passes a command-line parameter to indicate it. This instance performs all parts that need admin priviledges.
Here comes the non-elevated app again, and starts your secondary application with the same non-elevated user token that started the first instance of the app in step 1.
I hope this can anyhow be applied to your scenario.
As said, what you want to achieve is very error-prone, yet in this SO question there are some possible hacky solutions.