Starting with build 24H2, Windows 11 includes a built-in sudo command. This command allows running commands as an administrator directly from an unprivileged (non-admin) CMD/PowerShell/Terminal session.
By default, the sudo command is disabled in Windows 11. To allow using this tool, use the Enable sudo toggle switch in Settings -> System -> For developers.
Or you can enable sudo via the Windows registry.
reg add "HKLM\Software\Microsoft\Windows\CurrentVersion\Sudo" /v "Enabled" /t REG_DWORD /d 1 /f
For example, running the following PowerShell command to restart a Windows service from a non-elevated terminal will result in an error
Restart-Service iphlpsvc
Then, enable sudo in the Windows settings and run the same command via sudo.
sudo powershell "Restart-Service iphlpsvc"
A User Account Control (UAC) prompt will appear requesting privilege elevation. Once approved, a new terminal window is launched (separate from the current session where context was already established), and the specified command is executed with administrative rights.
In the same way, you can use Sudo in the CMD prompt. I’m trying to stop the service using a non-admin (non-elevated) command prompt.
net stop iphlpsvc
System error 5 has occurred. Access is denied.
Now I run the same command via sudo:
sudo net stop iphlpsvc
Start-Process powershell -Verb runAs
Sudo for Windows runs apps with elevated privileges in three modes. These modes can be selected from the Settings app or specified from the command line.
- In a new window – when a command or program is run via sudo, it opens in a new elevated window (session), running as an administrator. This is the default behavior.
sudo config --enable forceNewWindow - With input disabled – this is the safest option, where the command runs with elevated privileges in the current window but cannot receive or prompt for user input within that session:
sudo config --enable disableInput - Inline – this mode is most similar to the behavior of the sudo command in Linux and other OSs. An elevated command runs in the current console and can receive input from it (the most convenient but least secure option):
sudo config --enable normal
You can run an elevated command in the current console using sudo, regardless of the current sudo mode. Just add the inline option.
sudo --inline net stop iphlpsvc
To see the full list of supported sudo options and parameters in Windows, run the following command:
sudo -h
2 comments
Why the Restart-Service example above is “sudo run powershell restart-service iphlpsvc” and not “sudo restart-service iphlpsvc”?
These commands are equivalent. This is just for illustration purposes.