Last Update: Sep 04, 2024 | Published: Apr 22, 2021
Windows Terminal is delivered by Microsoft as a packaged app through the Microsoft Store and on GitHub in MSIX format. But because of the way Windows Terminal is developed and packaged, there are some challenges when it comes to elevating privileges.
Users have called for Microsoft to allow tabs in Windows Terminal to optionally run with elevated privileges. But Microsoft has determined there is a risk, albeit small, that hackers could weaponize elevated tabs to compromise Windows. So, elevating privileges in Windows Terminal tabs isn’t on Microsoft’s roadmap. And that sounds fair enough.
Mike Griese, a software engineer at Microsoft working on the Windows Terminal and the Windows command line experience, says that because of the way Windows is architected:
“If you had an elevated commandline running in an unelevated window, an untrusted bad actor could execute an elevation-of-privilege attack by driving the unelevated windows that’s running the elevated commandline.”
And that has also led to conversations on developing a Unix-style sudo command for Windows to a dead-end. But for developers and system administrators who would like to elevate privileges in Windows Terminal, there are a couple of workarounds.
The first method for elevating privileges with Windows Terminal is to run the app as an administrator. This method only works if you are signed in to Windows 10 with a Protected Administrator account. I.e., an administrator account that is protected by User Account Control (UAC). Or an administrator account that isn’t protected by UAC (not recommended).
The first account created in Windows is always a Protected Administrator unless your organization has changed the default configuration. If you are signed in to Windows with a standard user account, launching Windows Terminal using ‘Run as administrator’ doesn’t work.
Here’s how to elevate Windows Terminal to run with administrator privileges:
gsudo is an open-source project on GitHub that provides a sudo equivalent for Windows. It lets you run individual commands with elevated privileges; and elevate the current shell (tab) in a Windows Terminal window or in a new window. If you use gsudo to elevate the current shell (tab) in a Windows Terminal window, then you should take into consideration the security concerns that I outlined above.
The command runs a script that downloads gsudo, unzips it, and places it on your PC so that you can access gsudo from the command line and Windows Terminal.
gsudo notepad %windir%system32driversetchosts
I’ve found gsudo to work reliably in command line tabs in Windows Terminal. But in Windows PowerShell or PowerShell 7 tabs, calling apps like Notepad with gsudo throws an error. But as providing you stick to running PowerShell cmdlets, like the one shown below, gsudo seems to work just fine.
New-Item -ItemType directory -Path 'c:program filesmyapps'
For a full description of what you can do with gsudo, check out the project’s GitHub page here.