We’re running EPM in a mostly Windows environment. Some support/admin users have secondary accounts that have all their elevated AD credentials, like domain admin for example. When we try to run an elevated command prompt it opens it as admin of the current/primary user account. They need to be able to open an admin CMD as the second user that has the elevated AD credentials.
Any suggestions on how to pull that off? The users are all in a high flex workstyle.
Thanks.
Just a question for clarification: are they doing the Shift+Right click “Run as different user” when they are attempting to elevate under a different set of credentials?
Yes, run as different user can open as the other user, but not an administrative command prompt as that other user.
Thanks for that clarification. Raising CMD with elevation is really a high-risk component. Best practice in this regard would be to elevate the commands they are running in CMD rather than elevating the entire application.
For example, if I wanted to allow group policy update to be elevated, then in my application group I would create an application for this command. Most of the commands you typically run from CMD are located in the Application templates (when you go to add a new app, instead of clicking “Create New Application” use the “Add from Templates”).
I believe by default EPM doesn’t allow you to elevate CMD because of its extreme risk.
I know I’ve tried adding a rule, and even creating a shortcut and having that shortcut “run as admin” so that when I launch with Password Safe credentials it would be admin, but that also didn’t work.
Someone else may have a better idea, but that is the route I’ve gone down.
So the run as other works but the process is not elevated?
This actually made me just think of something…
It might be possible to create a new custom token that has higher privileges, then assign that token in the workstyle to the application rule. I haven’t tried this method yet, but I know you can get a little more granular with tokens doing this.
@DavidC Yes, it’ll open the new command prompt window as the 2nd user, but it can’t open an administrative command prompt as that second user, even though the 2nd user is also a local administrator. From what I’m told certain commands can only be run from the administrative command prompt, no matter what the user’s actual permissions are, which is what’s causing the issue.