Windows – How to open the User Account Control settings from command line

I would always do user management in lusrmgr.msc. Only there you have full control of a user account. Also, when you rename an account, it doesn't change the name of the profile directory. The (IMHO) best way to clean up your issue is:

• log in as Administrator (you probably have to enable the account first and set a password)
• delete the renamed user account (not its profile folder)
• create a new user account with the correct name
• log into the new account to create a new profile folder, then log off again
• log in as Administrator again
• copy (don't move!) your files from the old profile folder to the new profile folder (if you get permission denied at this point, you have to take ownership first)
• log in as the new user again and check if you can access your files all right

When everything is working, you can delete the old profile (in the search box type view advanced system settings and press enter, then click Settings... in the User Profiles box, select the profile that says Account Unknown and click Delete).

You will have to do your account's configuration over with this procedure, but you'll have a clean account and profile afterwards.

TL;DR - The only option is to spawn another process. (A new cmd.exe.) In the case of the Command Prompt, starting a new instance with an access token that has higher permissions will always result in a new window being created.

It's not possible to grant additional permissions to an already running process.

When a user with administrative rights logs into a Windows machine with User Account Control (UAC) enabled, two separate access tokens are created:

1. One with full administrator access, and
2. A second "filtered token" with standard user access

At the time a process (e.g. CMD.EXE) is created, it is assigned one of these two access tokens. If the process is run "elevated" as Administrator, the unfiltered access token is used. If the process is not granted admin rights, the filtered, standard user token is used.

Once a process has been created it is not possible to replace its access token.¹ In this MSDN Application Security for Windows Desktop thread, a poster identifying himself as a member of the Windows Kernel Team states:

The NT kernel was never intended to allow token switching once a process started running. This is because handles, etc. may have been opened in an old security context, inflight operations may use inconsistent security contexts, etc. As such, it typically does not make sense to switch a process' token once it has begun execution. However, this was not enforced until Vista. [emphasis mine] (Source thanks to @Ben N)

Note: User Account Control was introduced with the release of Windows Vista.

This Super User answer cites two additional sources confirming the same:

• The devzest.com blog post Programming Elevated Privilege/UAC:

  Code can only be elevated at process level when startup, which means that a running process cannot be elevated. In order to elevate an existing application, a new instance of the application process must be created...

• The techtarget.com article How to elevate programs' privileges correctly using Vista's UAC:

  Programs can't be elevated once they've already been launched...

Therefore it's simply not possible to elevate Command Prompt or any other process in-place. The only option is to spawn another process with a new access token (which can be another instance of the original process if desired). In the case of the Command Prompt, starting a new instance with an access token that has higher permissions will always result in a new window being created, and if UAC prompts are enabled on the system, they will be triggered as well.

¹You can adjust the privileges in an existing access token with the AdjustTokenPrivileges function, but according to MSDN:

The AdjustTokenPrivileges function cannot add new privileges to the access token. It can only enable or disable the token's existing privileges.