Open chuacw opened 1 month ago
That error message is specific to when the user is not a member of the admins group:
https://github.com/microsoft/sudo/blob/5fd6a797213642061898b8f0ec4fee46ff82d5bc/sudo/src/helpers.rs#L181-L185 https://github.com/microsoft/sudo/blob/5fd6a797213642061898b8f0ec4fee46ff82d5bc/sudo/src/main.rs#L343-L347 https://github.com/microsoft/sudo/blob/5fd6a797213642061898b8f0ec4fee46ff82d5bc/sudo/src/main.rs#L311-L313
Are you either:
cmd
as another admin user)?As mentioned, this was the "Administrator" account, and it's a member of Administrators. UAC is totally disabled, set at "Never notify"
UAC is totally disabled, set at "Never notify"
I'm betting that's what it is. I'd guess what's happening here is the same thing Terminal had to deal with - there's a difference between running elevated with a split token, vs the "UAC entirely disabled" scenario. Heck, right above that, there's even:
Looks like that check doesn't happen till after the can_current_user_elevate
one. That should be easy enough for someone to rearrange the ordering of.
@zadjii-msft Is this a supported OS target?
I dunno if I can comment on the big-picture "is UAC disabled supported". I suppose it should be, at least from the perspective of sudo
. Seems like it'd be easy enough for us to just shortcut the "can you elevate" and just do the thing (even tho you don't need sudo at all at that point)
@zadjii-msft Was referring to sudo running on Windows Server 2022. I thought sudo was only targeting newer versions.
Oh yea I don't see why not. Sudo might be "targeting" newer versions, but it should work all the way back to, like, windows 7:
All it really needs is ConDrv, and that's been there for a loooong time now. Only reason we haven't backported it to win10 yet is because backporting takes a lot of paperwork to fill out 🤷
Cool thanks! I was looking to pitch in a fix here but wanted to verify running in this config was supported before I spun my wheels.
Sudo for Windows version
1.0.0
Windows build number
10.0.20348.2582
Other Software
No response
Steps to reproduce
On Windows Server 2022, in an Administrator cmd.exe window,
sudo c:\windows\system32\cmd.exe
Expected Behavior
Expect cmd to run
Actual Behavior
Got "You are not allowed to run sudo" instead.