Niklas Blog

Exploring Device Management.

Windows Sudo

04 March 2025

What is sudo?

You may know the sudo command from linux. And now Microsoft created a sudo command for Windows, build-in to Windows 11 which can be used to elevate a command from an console that is running with standard user permissions. This might be helpfully when you started a Terminal session, created some variables and then want to start a process or script that needs evelated rights. Using sudo you can elevate this process right in a standard terminal session.

In this post I want to show you how to configure Sudo for Windows trough Microsoft Intune and configure it.

So lets dive into it :)

How to configure the sudo function for Windows devices?

First of all we need to start by configuring the sudo command. To do so we are going to create (or edit an existing one - how ever you like) a settings catalog policy in Microsoft Intune for our Windows devices.

Open the Intune portal and navigate to Configuration under Windows in the Devices blade. Here create (or edit an existing one) a settings catalog policy:

In this example I am going to create a new policy:

Give it a name and description:

Next, search for sudo in the settings picker and add Enable sudo to our policy:

Now, if you like, we can configure how the sudo command works:

  • Sudo is disabled
    • This disables sudo.
  • Sudo ist allowed in "force new window" mode
    • This opens a new window and executes the process/command.
  • Sudo is allowed in "disable input" mode
    • This blocks input to the command. If you for examle run a process with sudo where more input is required, you could not input with this mode.
  • Sudo is allowed in "inline" mode
    • This runs the process as sudo and you can add input as well as output or errors will be shown.

In this example we will use the inline mode:

How to use sudo in Windows?

Now that we have sudo configured in Intune, lets see how we can use it in Windows. So lets start a Windows Terminal with PowerShell.

As you can see, we are not running a elevated session here:

So lets enter the sudo-command, to see if it is available and enabled:

Lets try to launch Regedit with sudo:

As the PowerShell session was not elevated, I excepted a UAC and there it is:

Once, I clicked Yes to approve the UAC request the Regedit-App opened and as you can see, sections where elevation are required are now available:

Conclusion

The sudo feature in Windows for Windows Terminal represents a significant enhancement for the user experience of developers and system administrators. By integrating this feature, Windows Terminal now allows users to execute commands with elevated privileges seamlessly, without the need of restarting a terminal session. This addition not only streamlines workflows but also bridges the gap between Windows and Linux environments. It is definitely worth a try :)