Windows – command which can elevate the Command Prompt in place


On *nix systems, you can get a root shell like so:

$ su # or 'sudo -s'
#

The root shell is spawned in place within the same terminal.

I'm trying to find something that does a similar, in-place elevation on the Windows Command Prompt. In other words, it should not spawn a new window or display UAC prompts. So far I've been able to make a scheduled task that bypasses UAC, but the elevated Command Prompt window is not spawned in place.

Is there a similar command for Windows that does an in-place elevation without spawning a new window?

Best Answer

TL;DR - The only option is to spawn another process. (A new cmd.exe.) In the case of the Command Prompt, starting a new instance with an access token that has higher permissions will always result in a new window being created.


It's not possible to grant additional permissions to an already running process.

When a user with administrative rights logs into a Windows machine with User Account Control (UAC) enabled, two separate access tokens are created:

  1. One with full administrator access, and
  2. A second "filtered token" with standard user access

At the time a process (e.g. CMD.EXE) is created, it is assigned one of these two access tokens. If the process is run "elevated" as Administrator, the unfiltered access token is used. If the process is not granted admin rights, the filtered, standard user token is used.

Once a process has been created it is not possible to replace its access token.[1] In this MSDN Application Security for Windows Desktop thread, a poster identifying himself as a member of the Windows Kernel Team states:

The NT kernel was never intended to allow token switching once a process started running. This is because handles, etc. may have been opened in an old security context, inflight operations may use inconsistent security contexts, etc. As such, it typically does not make sense to switch a process' token once it has begun execution. However, this was not enforced until Vista. [emphasis mine] (Source thanks to @Ben N)

Note: User Account Control was introduced with the release of Windows Vista.

This Super User answer cites two additional sources confirming the same:

Therefore it's simply not possible to elevate Command Prompt or any other process in-place. The only option is to spawn another process with a new access token (which can be another instance of the original process if desired). In the case of the Command Prompt, starting a new instance with an access token that has higher permissions will always result in a new window being created, and if UAC prompts are enabled on the system, they will be triggered as well.


[1] You can adjust the privileges in an existing access token with the AdjustTokenPrivileges function, but according to MSDN:

The AdjustTokenPrivileges function cannot add new privileges to the access token. It can only enable or disable the token's existing privileges.
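
The split token described in the answer above can be observed from inside a running shell. The following PowerShell sketch is an added example, not part of the original answer: it reads the current process token's elevation state and elevation type through GetTokenInformation and counts the privileges the token carries. The names `TokenDemo.Native` and `Get-TokenElevation` are hypothetical, chosen for this illustration.

```powershell
# Added example: report which half of the UAC split token this process was created with.
# TokenDemo.Native and Get-TokenElevation are illustrative names, not an existing module.
Add-Type -Namespace TokenDemo -Name Native -MemberDefinition @'
[DllImport("kernel32.dll")]
public static extern IntPtr GetCurrentProcess();
[DllImport("kernel32.dll", SetLastError = true)]
public static extern bool CloseHandle(IntPtr hObject);
[DllImport("advapi32.dll", SetLastError = true)]
public static extern bool OpenProcessToken(IntPtr ProcessHandle, uint DesiredAccess, out IntPtr TokenHandle);
[DllImport("advapi32.dll", SetLastError = true)]
public static extern bool GetTokenInformation(IntPtr TokenHandle, int TokenInformationClass,
    out int TokenInformation, int TokenInformationLength, out int ReturnLength);
'@

function Get-TokenElevation {
    $TOKEN_QUERY        = 0x0008   # access right needed to read token information
    $TokenElevationType = 18       # TOKEN_INFORMATION_CLASS value
    $TokenElevation     = 20       # TOKEN_INFORMATION_CLASS value
    $typeNames = @{ 1 = 'Default'; 2 = 'Full'; 3 = 'Limited' }   # TOKEN_ELEVATION_TYPE

    $hToken = [IntPtr]::Zero
    $self = [TokenDemo.Native]::GetCurrentProcess()
    if (-not [TokenDemo.Native]::OpenProcessToken($self, $TOKEN_QUERY, [ref]$hToken)) {
        throw 'OpenProcessToken failed'
    }
    try {
        $type = 0; $elevated = 0; $len = 0
        if (-not [TokenDemo.Native]::GetTokenInformation($hToken, $TokenElevationType, [ref]$type, 4, [ref]$len)) {
            throw 'GetTokenInformation(TokenElevationType) failed'
        }
        if (-not [TokenDemo.Native]::GetTokenInformation($hToken, $TokenElevation, [ref]$elevated, 4, [ref]$len)) {
            throw 'GetTokenInformation(TokenElevation) failed'
        }
        [pscustomobject]@{
            IsElevated     = ($elevated -ne 0)
            ElevationType  = $typeNames[$type]   # 'Limited' = filtered token, 'Full' = unfiltered token
            # Privileges present in this token; AdjustTokenPrivileges can only toggle these.
            PrivilegeCount = @(whoami /priv /fo csv /nh).Count
        }
    }
    finally {
        [void][TokenDemo.Native]::CloseHandle($hToken)
    }
}

Get-TokenElevation
# A 'Limited' result cannot be changed for this process. The full token is only
# handed to a NEW process, which opens a new window and triggers UAC if enabled:
#   Start-Process cmd.exe -Verb RunAs
```

Running it once in a normal console and once in a console started with "Run as administrator" shows the two tokens side by side: the elevation type and privilege count differ, and neither value changes for the lifetime of the process.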