launchUnelevated

launchUnelevated <program> [<args>]

This little tool uses Windows Shell to launch a given program, so that it uses the user's credentials instead of elevated/admin credentials.
For example, this can be handy for interacting with your source code editor (e.g. telling it to update its indexes).

Source: This StackOverflow answer by user zett42, who got this from Raymond Chen's blog post.

'launchUnelevated' requires Explorer to be running, and the user to be logged in.

Known limitations and issues

• The new process does NOT inherit current working directory or environment variables. See "environment" below for details.
• Since this is 'shell execute', it doesn't wait for the program to finish, and you can't get the program's return code.
  launchUnelevated does return success/error codes, but they only indicate the success/failure of starting the given program.
• Errors generated by 'launchUnelevated' itself, are written to stdout, not stderr.
• If you need to escape arguments (e.g. args with spaces in them), that probably works weirdly.

Environment

The new process does NOT inherit current working directory or environment variables - verified on Windows 10 version 1803
(build 17134.345).

I know this is intentional when moving in the other direction (elevating from a non-elevated process),
to thwart "current directory attacks": https://blogs.msdn.microsoft.com/oldnewthing/20071211-00/?p=24223

Maybe in this direction, it's not intentional. Or, maybe there's a similar kind of security issue this is preventing.
In any case, if I try to pass the current directory to ShellExecute, I see Explorer pass that to KERNELBASE!CreateProcessW,
and whatever happens to it, takes place after the kernel-mode transition.