Although it is not considered best practice (or even good practice), it is possible to launch a medium IL process from a high/admin IL process:

虽然它不被认为是最佳实践（甚至不是良好实践），但可以从高/管理 IL 流程启动中等 IL 流程：

See this post on codeproject

在 codeproject 上看到这篇文章

I can confirm that this code works on Vista 32 and 64-bit with and without UAC enabled.

我可以确认此代码适用于启用和不启用 UAC 的 Vista 32 和 64 位。

This question comes up every 3 or 4 months internally at MSFT.

这个问题在 MSFT 内部每 3 或 4 个月出现一次。

The answer that the security folks give is: You can't. When the elevated process token is created, there are changes made to the token that can't be undone.

安全人员给出的答案是：你不能。创建提升的进程令牌时，对令牌所做的更改无法撤消。

Your best bet is to have a launcher application that runs your elevated setup program and then when the elevated setup program is completed, turns around and runs your child process.

最好的办法是拥有一个启动器应用程序来运行您的提升安装程序，然后在提升安装程序完成后，转身运行您的子进程。

As a launcher you can use the portable powershell app deployment kit (Link). You can edit the deploy-application.ps1 and use Execute-ProcessAsUser to run applications/scripts with the current user even when you launched the powershell app deployment kit as admin

作为启动器，您可以使用便携式 powershell 应用程序部署工具包 ( Link)。即使您以管理员身份启动 powershell 应用程序部署工具包，您也可以编辑 deploy-application.ps1 并使用 Execute-ProcessAsUser 与当前用户一起运行应用程序/脚本