With runas, privileges are really only elevated for the built-in administrator.
I don't see anything wrong with turning it on. If you want to be safe, change his name. Of course you need to assign a normal password.
But saving the admin password with runas /savecred is a shot in the foot. With this saved password and runas, any program can be run with elevated privileges from under any user. By doing this, you will make a big hole in the security of the network.
In fact, the purpose of this event is not very clear - you change the IP address. What for? I feel that what you want to achieve should be done differently. Options:
1. Make 2 IPs on one interface and let them always be.
2. Organize access to the 172.16.11 subnet through an intermediate gateway, on which, depending on certain conditions, access can be allowed or not.
3. You can run netsh remotely with admin privileges, of course the admin should run it, not the user. If you have AD, then the domain administrator can do this, if there is no AD, then on the user's computer you need to set the key in the registry:
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v LocalAccountTokenFilterPolicy /t REG_DWORD /d 1 /f
This key allows you to automatically elevate privileges when network access with admin rights. Local users and their privileges are not affected.
More specifically, it will be possible to say if you describe the purpose of changing the IP.

@echo off
if  "%~1" == "self" (
     netsh interface ip set address name="Ethernet" source=static 172.16.11.16 255.255.254.0 gateway=172.16.10.1 1 
     netsh interface ip set dns name="Ethernet" static 172.16.10.1
) else (
    powershell.exe Start-Process "D:\changeip.bat self" -Verb runAs 
)