Facilitating the Spread of Knowledge and Innovation in Professional Software Development

Write for InfoQ


Choose your language

InfoQ Homepage News Sudo for Windows - Elevating Command Execution in Windows 11

Sudo for Windows - Elevating Command Execution in Windows 11

This item in japanese

Microsoft announced that Sudo for Windows will be available in the latest Windows 11 Insider Preview Build 26052. This tool transforms how users execute elevated commands directly from an unelevated console session. Sudo for Windows provides an intuitive and familiar solution, eliminating the need to open a new elevated console and enhancing the user experience.

Sudo for Windows is open-source on GitHub and the plans and additional features will be shared in the coming months. For users seeking extended functionality not already implemented in Sudo for Windows Microsoft suggests Gerardo Grignoli's gsudo as a compelling alternative. This tool offers numerous additional features and configuration options.

To activate Sudo for Windows, head to the Settings > For Developers page in Windows Settings, and toggle the "Enable Sudo" option.


"For developers" configuration panel with Enable sudo toggle

Alternatively, users can enable it through an elevated console session using the command:

sudo config --enable <configuration_option>

Sudo for Windows supports three configuration options, each serving a distinct purpose:

  1. In a New Window (forceNewWindow): Opens a new elevated console window to run the command.
  2. Input Closed (disableInput): Runs the elevated process in the current window with stdin closed, limiting user input.
  3. Inline (normal): Behaves similarly to sudo on other operating systems, connecting stdin, stdout, and stderr to the current window.

Example scenarios are the following:

  • In a New Window Configuration: Running sudo netstat -ab opens a new elevated console window, executing the command within it.
  • Input Closed Configuration: Running the elevated process in the current window with stdin closed.
  • Inline Configuration: Connects stdin, stdout, and stderr to the current window.

When elevating a process with `sudo`, a User Account Control (UAC) dialog prompts user confirmation. Once confirmed, the process is elevated based on the selected configuration. Users can explore optional parameters for the `sudo` command by running `sudo -h` in the console.

In the "In a New Window" configuration, sudo.exe launches a new elevated console window, mirroring the current window's directory and environment variables. For "Input Closed" and "Inline" configurations, sudo.exe initiates a new elevated process. The original unelevated `sudo.exe` establishes an RPC connection with the elevated process, facilitating information exchange.


Diagram of how the process hierarchy looks

Due to potential security risks, caution is advised when using "Inline" or "Input Closed" configurations. The "Input Closed" configuration mitigates risks by preventing the elevated process from reading user input.

About the Author

Rate this Article