How to sudo on powershell on Windows

Question

Whenever I need to run a powershell script it complains of security, if I add powershell.exe -nologo -executionpolicy bypass -File .\install.ps1 I still get permission denied unauthorizedAccessException. I just want to run this install script, what is the sudo equivalent to type on the powershell on windows?

Answer 1

^{Note: If you're looking to add general-purpose, prepackaged sudo-like functionality to PowerShell, consider the
Enter-AdminPSSession (psa) function from this Gist, discussed in the bottom section of this answer.}

If you are running from PowerShell already, then use Start-Process -Verb RunAs as follows:

Start-Process -Verb RunAs powershell.exe -Args "-executionpolicy bypass -command Set-Location \`"$PWD\`"; .\install.ps1"

Note:

• The script invariably runs in a new window.
• Since the new window's working directory is invariably $env:windir\System32, a Set-Location call that switches to the caller's working directory ($PWD) is prepended.
  • Note that in PowerShell (Core) 7+ (pwsh.exe) this is no longer necessary, because the caller's current location is inherited.
• Executing Set-Location necessitates the use of -Command instead of -File.
  • On the plus side, this obviates the need for -nologo.
  • A general caveat is that -Command can change the way arguments passed to your script are interpreted (there are none in your case), because they are interpreted the same way they would be if you passed the arguments from within PowerShell, whereas -File treats them as literals.

If you're calling from outside of PowerShell, typically from cmd.exe/ a batch file, you need to wrap the above in an outer call to powershell.exe, which complicates things in terms of quoting, unfortunately:

powershell.exe -command "Start-Process -Verb RunAs powershell.exe -Args '-executionpolicy bypass -command', \"Set-Location `\"$PWD`\"; .\install.ps1\""

---

Interactively, of course, you can:

• Right-click the PowerShell shortcut (in your taskbar or Start Menu, or on your Desktop), select Run as Administrator to open a PowerShell window that runs with admin privileges, and run .\install.ps1 from there.

• Alternatively, from an existing PowerShell window, you can open a run-as-admin window with Start-Process -Verb RunAs powershell.exe, as in AdminOfThings' answer.

Answer 2

If you are using Chocolatey (a package manager), you can install a package named sudo.
Then you can use sudo like Linux ?

Answer 3

You can utilize the Start-Process command and then use parameter -Verb runas to elevate. This works great for starting an elevated process.

I created a sudo function like this and added it to my powershell profile:

function sudo {
    Start-Process @args -verb runas
}

Example: Open notepad as Admin to edit hosts file

sudo notepad C:\Windows\System32\drivers\etc\hosts

If you want to elevate a Powershell command, you can create a simple function like this:

function Start-ElevatedPS {
    param([ScriptBlock]$code)

    Start-Process -FilePath powershell.exe -Verb RunAs -ArgumentList $code
}

Then, call the function and pass command wrapped in {} (script block)

Example: Elevate to create a symbolic link

Start-ElevatedPS { New-Item -ItemType SymbolicLink -Name mySymlink.ps1 -Target C:\myTarget.ps1 }

Answer 4

You can start PowerShell with the Run as Administrator option:

Start-Process powershell -Verb runAs

Answer 5

If you have a corporate policy that blocks scripts execution, then yes. ByPass does not change your profile (user context) state. That is not the design (use case) for any of those switches regarding Execution Policies.

There is not a direct comparison of sudo in Windows, this has nothing to do with PowerShell. You are either admin in a session / app or you are not. If you are installing software, that means you must be admin. If you are doing global system-wide changes, that means you must be admin.

There are folks who have strived to implement scripts, wrapper functions and or modules to mimic sudo …

Module from the MS PowerShell gallery. Sudo 0.9.3 Use functionality similar to sudo in PowerShell

From GitHub Sudo for PowerShell

Sudo for PowerShell Installation From PowerShell, create a $profile if you don't have one:

if (!(test-path $profile)) { new-item -path $profile -itemtype file -force }

Open the profile in notepad:

notepad.exe $profile

Add the following line and save the file:

. /path/to/sudo.ps1

sudo will be available in all new PowerShell windows Usage

sudo application [arguments ...]

...but that does not change what Windows expects when dealing with security boundaries.

See also this Q&A Sudo !! equivalent in PowerShell

$^ is a variable that expands to the last executed Powershell command. You can run a command as another user using runas, so the following works:

runas /user:domain\administrator $^

To shorten that up a bit, you can do some magic with aliases. Take a look at this Technet article for more info.

EDIT: One caveat - $^ only executes the first command in a pipeline or multi-command line. If you need to redo an entire command that is peppered with pipes or semicolons, use Invoke-History instead (which defaults to the last full command in its entirety).

Answer 6

As of today (October 2021), winget install gerardog.gsudo did the trick (on windows 10 home edition). Edit: Tested on Windows 11 as well (April 2022)

after that, you can do this:

gsudo notepad C:\windows\system32\something-editable-by-admin-only.txt

To test if it's working, or in your case:

gsudo powershell.exe install.ps1

You will be prompted by windows` UAC to elevate your priveleges by gsudo, and you can read the source code here: https://github.com/gerardog/gsudo