Windows is getting its own version of the popular Linux sudo tool. Sudo for Windows is a new way for users to run elevated commands - as an administrator - directly from an unelevated console session on Windows, Microsoft said.
Sudo (‘su do’ or ‘superuser do’ depending on your point of view) is a tool that allows a system administrator to give users the ability to run commands as root or as another user, on a per-command basis. It’s a well-known and handy feature for Linux users but hasn’t been a part of Windows until now.
“Windows now has a built-in Sudo command. So you can run elevated tools directly from Terminal, without having to right-click and select ‘run as admin’ and start a new session. With this you can do file operations like deleting a protected file, invoking elevated commands, or opening up a new command shell,” Microsoft partner development manager Cory Hendrixson explained.
The new feature – for Windows at least – is coming with the Windows 11 Insider Preview Build 26052. Sudo for Windows isn’t available for Windows 10, but may be in the future, Microsoft said.
“It is an ergonomic and familiar solution for users who want to elevate a command without having to first open a new elevated console,” said Windows Developer Platform product manager Jordi Adoumie.
Adoumie also said Microsoft is going to open source the project on GitHub, and suggested anyone looking for extra functionality beyond that offered by sudo for Windows should look to Gerardo Grignoli’s gsudo, which has a number of additional features and configuration options and describes itself as ‘the missing piece in Windows’.
Getting started with Sudo for Windows
Microsoft said to enable Sudo for Windows, you have to navigate to the Settings > For Developers page in Windows Settings and toggle on the “Enable Sudo” option.
Sudo for Windows currently supports three different configuration options.
The configuration can be set from the Settings > For Developers menu or programmatically, using the command line.
The configuration options are:
In a new window (forceNewWindow)
The forceNewWindow configuration option is the default configuration option for Sudo for Windows.
You can use sudo in this configuration to run the command in a new window. This is similar to the behavior of the runas /user:admin command.
Input closed (disableInput)
The disableInput configuration option will run the elevated process in the current window, but with the input handle closed. Microsoft said this means that the elevated process will not be able to receive input from the current console window.
That is useful when you want to run a command as an administrator, but do not want to allow the command to receive input from the current console window.
Microsoft said this option provides some of the convenience of the inline configuration option while mitigating some of the associated security risks.
Inline (normal)
The normal configuration option is most similar to how sudo behaves on other operating systems, and will run the elevated process in the current window and the process will be able to receive input from the current console session.
“This configuration option provides the most convenience, but you should only choose this option if you are familiar with the associated security risks,” Microsoft said.
How to use Sudo for Windows
To use Sudo for Windows, add sudo to the front of the command you want to run as an administrator. For example, to run netstat -ab as an administrator, you would run sudo netstat -ab in your console window.
Because sudo elevates the targeted process to run with administrator-level permission, a prompt will open asking you to verify that you want to continue.
What about the security risks?
Microsoft noted that there are some risks associated with running sudo in the Input closed (inputClosed) or Inline (normal) configurations. The inline configuration option runs the elevated process in the current window and the process is able to receive input from the current console session.
An unelevated process can send input to the elevated process within the same console windows or get information from the output in the current windows in this configuration.
The inputClosed configuration option mitigates risk by closing the input handle.
RELATED WHITEPAPER
It's also worth noting that Windows does have an existing runas command. While sudo allows you to quickly elevate a command as administrator from your current unelevated command line context, the runas command offers a way to run programs as any user, including administrator. Right now, the sudo command on Windows does not support running programs as other users.
“You should consider your particular use-case and plan to use the command that best meets your needs. You should also consider the security implications of running sudo in the inputClosed and normal modes,” Microsoft said.
“The default forceNewWindow configuration option is recommended unless you are familiar and comfortable with the risks associated with the other sudo configurations.”
-
US Senator calls for Microsoft to be investigated over ‘gross cybersecurity negligence’News Ron Wyden, a Democratic senator from Oregon, has written to the chair of the FTC calling for an investigation into Microsoft's cyber practices.
-
LNER warns customers to remain vigilant after personal data exposed in cyber attackNews LNER has warned customers to remain vigilant for social engineering attacks after a cyber attack on the rail operator exposed personal data.
-
Windows 10 extended support costs could top $7 billionNews Enterprises sticking with Windows 10 after the October deadline face huge costs
-
A senior Microsoft exec says future Windows versions will offer more interactive, ‘multimodal’ experiencesNews With speculation over a Windows 12 reveal mounting, a senior company figure claims the new operating system will mark a step change for users
-
Microsoft’s botched August updates wiped SSDs, now it’s breaking PC resets and recoveries on WindowsNews An out-of-band patch has been issued by Microsoft to fix a flaw introduced by its August update
-
A Windows 11 update bug is breaking SSDs – here’s what you can do to prevent itNews Users first began reporting the Windows 11 update bug last week
-
The Windows 11 migration conundrum: What role can the channel play?Industry Insights Resellers are instrumental to making the right choice about the next steps...
-
Windows 10: Six essential steps IT teams should take over the next two monthsIndustry Insights With Windows 10 support ending soon, IT leaders must act now to mitigate risk
-
The NCSC just urged enterprises to ditch Windows 10 – here’s what you need to knowNews The UK cyber agency says those that haven’t migrated to Windows 11 should do so immediately
-
Windows 11 finally overtakes Windows 10 in popularity – but what’s driving this surge?News It’s been a long time coming, but Windows 11 is finally Microsoft’s most popular operating system
