Add a "sudo" utility to quickly execute a single command as Admin inside a cmd/powershell console

[lorenzobilli]

I think it would be very useful to have a command/utility that behaves likes the classic "sudo" on *NIX systems inside consoles.

As you know the only quick and dirty way to execute a cmd or powershell command as Administrator is to open an elevated console first and then execute the required command.

This is a much more cumbersome way to obtain Administrator privileges, and it's quite annoying when you often try to execute a single command that needs Admin privileges inside a standard console, since it forces you to open another console as Administrator, then retype the entire command and execute it. A sudo-like utility would be a dream.

[PowerWindowsXP]

This is a awesome idea. But since Ubuntu she'll is going to be in the new windows terminal I see only a temporary need.

[malxau]

@PowerWindowsXP - I don't think that's the same thing. sudo within Ubuntu means root within the WSL VM. sudo within CMD/PS means run in elevated context in the Windows host.

[glen-84]

See also https://github.com/microsoft/Terminal/issues/146.

[bendyson]

I may be mistaken, but can't this be done using the runas command?

[orev]

This cannot be done with "runas" command. The most important feature of 'sudo' is that it asks for your password, not the admin password. This little detail makes a dramatic difference.

There are often times when you need to allow a user to execute a single command as Admin, but don't want to / cannot give them an admin account, because then that would allow them to run anything as admin. Sudo style allows you to whitelist commands they can run, and also prevents the need to share the full admin password.

I know there are other security issues with this, such as once the program is started as Admin, one could possibly launch other commands or access files as Admin, but that is specific to each application and should be a decision made by an Administrator. I'm also sure someone will argue that you can "usually" use a shim or something to get around the Admin requirement, but there are situations where you can't. Again, it should be up to the Administrator.

[felintusun]

sudo in a native way would be nice :). There is a sudo implementation by lukesampson that works quite good for me. http://blog.lukesampson.com/sudo-for-windows

[lorenzobilli]

@felintusun yeah I'm actually using it too. However it doesn't seem to work 100% with PowerShell Core. Yeah, a native, "official" sudo would be nicer :)

[klaernie]

One should also add: if you try scripting for multiple different machines where certain commands need to be executed as another user you always run into the problem, that even with you being elevated you need the target users password to run anything or schedule a task for them. And this isn't even a security benefit, as you could as admin always set a login script in the registry that breaks the target users session, so it isn't like requiring the password would remedy the last security hole. It only makes a mess for people scripting. I probably have discarded 20 automation attempts, simply because I can't make this user switch work without transporting the target user's password as well.

[ghost]

There is a better tool for this -> gerardog/gsudo

It is written in C#, licensed under MIT, works well with PowerShell Core

@crutkas It would be cool if we could integrate this project

[just1a-person]

There is a better tool for this -> gerardog/gsudo

It is written in C#, licensed under MIT, works well with PowerShell Core

@crutkas It would be cool if we could integrate this project

Even though I suggested this, I now know this is going to be a bad idea for PowerToys to implement this. The security "infrastructure" in Windows is totally different from Linux making it impossible to make a "safe sudo" for Windows.

/cc @crutkas

[UEFI-code]

There is tool called "NSUDO", which let you create a process with TrustInstaller premission, and you can del & kill system process easily

[joadoumie]

We've just announced Sudo for Windows. We're working hard to field feedback for missing features, so please go thumbs up an issue if you see something you'd like added or create a new feature request on the sudo GitHub repo!

Closing out this issue as we'll do all the feature request tracking etc. in the new repository :)