How to run a process as current user privilege from an admin process

When a setup program(built by like Inno Setup) does launch a process, the process always be run as administrator privilege. -because setup program had been run as admin.

I want to run the child process as current user's privilege.

Is there a good way?

This question comes up every 3 or 4 months internally at MSFT.

The answer that the security folks give is: You can't. When the elevated process token is created, there are changes made to the token that can't be undone.

Your best bet is to have a launcher application that runs your elevated setup program and then when the elevated setup program is completed, turns around and runs your child process.

As a launcher you can use the portable powershell app deployment kit (Link). You can edit the deploy-application.ps1 and use Execute-ProcessAsUser to run applications/scripts with the current user even when you launched the powershell app deployment kit as admin

Although it is not considered best practice (or even good practice), it is possible to launch a medium IL process from a high/admin IL process:

See this post on codeproject

I can confirm that this code works on Vista 32 and 64-bit with and without UAC enabled.