Microsoft explains why Sudo for Windows 11 is different from the existing runas

Peer Networks UK Windows Latest Microsoft explains why Sudo for Windows 11 is different from the existing runas
0 Comments

Sudo is available in Windows 11 Build 26052 or newer. It is a means to run commands or programs with elevated permissions without manually opening another instance of Command Prompt or PowerShell. But Microsoft clarifies that it isn’t the same as using the runas command in Windows.

In a support document first spotted by Windows Latest, Microsoft enunciated the difference between Sudo and runas. As per the document, Runas allows you to run commands or programs as any user (even administrator) in Windows. Meanwhile, Sudo cannot run commands or programs like any other user.

However, Microsoft hinted at the possibility of running commands as another user with Sudo in the future. You may need to enter a password while using the runas command. But while using Sudo, you only need to accept the UAC prompt and grant administrative permissions.

sudo diagram
Image Credit: Microsoft

As you can see in the above diagram, Microsoft has explained how Sudo interacts with the OS when you type a command in your terminal process. For example, when you try to run netstat -ab using sudo (e.g., sudo netstat -ab), the terminal sends your command to the CLI shell (like PowerShell or Command Prompt).

The shell then communicates with the console driver (ConDrv) to handle the input/output.
The sudo.exe program is invoked, establishing an RPC connection to run the netstat -ab command. For those unaware, RPC stands for Remote Procedure Call, which is basically used for communication between processes on the same machine.

Sudo.exe with elevated privileges executes netstat -ab, which allows it to perform its task with administrative rights. In the Inline or Inputdisabled configurations, the unelevated Sudo.exe process creates an RPC connection with the new Sudo.exe process with elevated permissions.

Sounds fun, right? However, you should know the security complications while using Sudo with Inline or Inputdisabled configurations. Microsoft recommends using the new window configuration in Sudo because it is the most secure of the three options.

Here’s how you can change Sudo’s configuration:

  1. Visit the For Developers section in the Settings app.
  2. Click on the Configure how sudo runs application option.
  3. Select the In a new window option from the dropdown list.

choosing sudo option in settings

Sudo is exclusive to consumer editions

Microsoft officially confirmed Sudo is coming first to Windows 11 with Build 26052 in the Canary and Dev channels. Sudo was also included in the Windows Server Insider build, but Microsoft rectified its blog post to reveal that Sudo will be exclusive to the consumer editions.

So, only Windows 11 Home, Pro, Enterprise, and Edu versions will get the feature. Additionally, Microsoft also clarified that Sudo for Windows is open source and will be maintained on GitHub.

The post Microsoft explains why Sudo for Windows 11 is different from the existing runas appeared first on Windows Latest