In short, and as the name could imply, RunasSystem will let open any program in your session as local system. That is nice and very easy. However, sometimes you may want to mimick a certain token by creating a new process with a duplicated token, with more power that what winlogon.exe would give you, for instance the trustedinstaller. But for creating a true duplicate (something devxexec actually don't) of the trustedinstaller's token, we must be local system in the first place, hence the requirement for the strange procedure that not everybody understood. It is thus for that reason that RunasSystem must launch RunFromToken, in order to access and create a primary token (duplicate) of for instance the trustedinstaller. This requirement may not be necessary when creating duplicates of other less picky process tokens. In addition, to the above requirement, I noticed that you may need certain privileges on the process in order to use the functions like CreateProcessAsUserW and CreateProcessWithTokenW. That is for both the tools, as both of them use those functions. OK, I'll upload new version of both tools later today, that will also add to your account the necessary right if missing (so that it can also be enabled when necessary on the fly).