Microsoft is introducing a Linux-inspired ‘sudo’ feature to Windows Server 2025, giving administrators a new way to run console applications with elevated privileges. In Linux, the sudo (short for “superuser do”) command allows users with limited permissions to execute commands as a higher-privilege user, commonly root, enhancing security by allowing users to perform only the actions needed with elevated rights, while remaining in a lower-privileged mode otherwise.
With this change, Microsoft aims to offer similar functionality on Windows Server. By using sudo, administrators can perform privileged tasks without needing a persistent admin account. For example, in Linux, running whoami under a limited account returns the standard user. But using sudo whoami escalates privileges temporarily, returning the user as root.
In the recently leaked build of the Windows Server 2025 Insider Preview, new experimental options related to sudo have been discovered. These settings are accessible by enabling developer mode, though sudo isn’t fully functional yet, indicating that it’s still in early development. Current options show flexibility in how sudo might function in Windows: allowing applications to run “in a new window,” “with input disabled,” or “inline” in the same window.
While Windows has traditionally used User Account Control (UAC) to manage privilege elevation for applications, sudo could introduce more granular control for specific command-line tools, like bcdedit and reagentc, that typically require admin rights to execute. This new sudo feature, if it makes it into the final release, could streamline workflows for administrators and potentially align Windows Server more closely with Linux-like privilege management practices.
Though this feature hasn’t been seen in Windows 11, it may be tested further and potentially introduced there as well. Microsoft frequently tests new features in preview builds, and it will be interesting to see if and how this new sudo command becomes part of Windows Server.
- Design