MelmixDK Oskaloq TM-GTN thank you for your feedback. We appreciate you taking the time to share it with us.
Allowing users to run cmd.exe as elevated is not something we would typically recommend anyone do. As you noted, once you have cmd.exe running with administrator level permissions, the user can use it to launch any other process. All child processes inherit the permissions of the parent process, which means everything launched from the cmd.exe window will be elevated as well.
We are working on adding the ability to control what happens with any child processes, giving the administrator the ability to specify if those child processes will be allowed to run elevated. This will be coming in a future release.
We will also have other fixes and improvements coming in each monthly service release, which will take care of many of the issues you have noted above. We're excited to continue to add value for you each month.