There had been talk for days about the possible introduction of the command sudowidely known in the case of GNU/Linux operating systems and Unix-likeeven in the environment Windows. The addition seemed for the moment limited to the preview versions of Windows Server 2025, in reality the Redmond company broke the deadlock and decided to bring sudo also to Windows 11.
The sudo command is a “backbone” of Linux systems: its name stands for “superuser do” and allows users to execute commands with the security privileges of another user, usually the system administrator, known as “root“. It is used to launch commands that require elevated permissions, such as installing or removing software, configuring the system, applying changes to the contents of important directories.
Why add sudo command in Windows
The idea of adding sudo to Windows 11 takes inspiration from well-known behavior on Linux. Suppose you open a terminal window with normal user privileges. At a certain point, however, it is necessary to execute a command using more extensive rights.
Instead of closing the Command Prompt, PowerShell window, or new Windows 11 terminal screen, then reopening it by choosing Run as administrator and displaying the UAC prompt (User Account Control), the new can be invoked sudo command and perform the necessary operations with a range of privileges wider.
The great thing is that the Microsoft version of the sudo command is already an open source product: the official GitHub repository publishes the source code of the application. It’s absolutely not a porting of the version of sudo for GNU/Linux systems but it is rather an implementation, written from scratch by the software engineers of the Redmond company.
The sudo command is already usable in the preview version of Windows 11 (starting from build 26052) and will soon be included in the stable release of the Microsoft operating system.
How to activate sudo in Windows 11
To start using sudo in Windows 11, simply type
sviluppatori in the operating system search box and then select Use developer features. Among the various proposals, immediately below the item PowerShellyou will find the option Enable sudo.
Alternatively, you can open a terminal window with administrator privileges then type the following:
sudo config --enable normal
The possible ways to use sudo in Windows 11
Currently, sudo per Windows supports three different configuration options:
- In a new window (forceNewWindow)
- Input blocked (disableInput)
- Inline (normal)
In the first case, sudo opens a new terminal window with elevated privileges and will execute the command in that window. This is the default configuration option when sudo is enabled. For example, imparting education
sudo netstat -abWindows 11 runs the netstat command with the indicated option inside a new window.
In the die-input blocked (or “closed”) configuration, sudo runs the command with elevated privileges in the current window but the new process will not accept any user input.
The third option is more similar to the behavior of sudo on other operating systems. In this setup, sudo for Windows runs the elevated process exclusively using the current working window (we’ve seen the use of
--enable normal in the previous example).
When using sudo from the command line, the classic appears UAC dialog box which asks the user to confirm elevation of privileges. After confirmation, the process invoked via sudo is handled based on the selected configuration option.
Was it really necessary?
Jordi Adoumie (Microsoft) anticipates that over the next few months the development team will work on sudo documentation for Windows, sharing more details on security implications resulting from the use of sudo in the configuration Inline.
Already today Windows has several ways to allow users to acquire elevated privileges. Many, therefore, wonder whether the addition of the sudo command “in Microsoft style” could not ultimately translate into a useless extension of the attack surface. Inevitably, in fact, such a powerful tool will become the object of study by malicious users, with the precise aim of exploring new frontiers for the unauthorized acquisition of elevated privileges on other people’s systems.