One Day Sec

Why does rundll32 comsvcs.dll fail to dump lsass when run from cmd but succeed from PowerShell?

The `rundll32` method relies on **SeDebugPrivilege**. Even in an elevated prompt, cmd.exe starts with the privilege present in its token but **Disabled**, and the rundll32 it launches inherits that token state, so the attempt to open `lsass.exe` with the access the dump needs is denied and the call fails. PowerShell, when launched as administrator, enables the privilege in its own token by default, so it shows as **Enabled** and every child process it starts inherits it; that is why the same command succeeds there. From cmd you can work around this by wrapping the rundll32 command in a PowerShell one-liner, or by using a VBS/C helper that explicitly enables the privilege (AdjustTokenPrivileges) before running the dump. This is a common stumbling block in exploitation testing: check `whoami /priv` before concluding that the technique itself is blocked.
Tags: SeDebugPrivilege, PowerShell, rundll32, comsvcs.dll, privilege escalation, credential dumping
