Windows: sudo?

I just posted about sudo and su commands on Unix. What about Windows?

Oh yeah, Windows tried to mimic these.  There is the RunAs command available since XP, enhanced to include “Run As Administrator”, since Vista.

RunAs is more like sudo. You can run this as any user, only you need the other user’s credentials for this. It is mostly used to run commands as administrator.  RunAs, when run with Administrator credentials,  tries to make you the “root”, but there is a slight problem with that.

Even if you run a command as Administrator,  it doesn’t automatically elevate your security levels. So,  you cannot do this sudo style!

Thus the “Run As Administrator” is not available on command line, only as a menu option in Windows desktop!!  You will have to go into the desktop,  right click on the command and click “Run As Administrator” to do this. And  “Run As Administrator” elevates the privileges only at the command level!  So,  if you have to run a bunch of commands with elevated privileges, you can run a Windows shell (command prompt)  as Administrator and run commands or script(s) inside that shell.

Remember, we saw how “sudo su” took care of logging in with root’s profile without actually knowing the password for the root? Sudo su took care of that. You simply cannot do that on Windows! To login with some else’s id,  you need to have their password,  thus eliminating the “su” option completely.

This is probably why you constantly run into problems or a lot of confusion at best. Sometimes, you can create files in the “Admin” mode and the normal mode wouldn’t see it. Your explorer may be running in normal mode, that it doesn’t see mappings done in a command prompt run as Administrator. Since we upgraded to Windows 7, a year ago, we constantly run into these type of issues. One of the classic problems was that our PowerBuilder application could not “see” the Word files on a network drive mapped in admin mode!!

“Run As Administrator” is like sudo, but you have to be an Administrator (su) to run it. If you are normal user, then it will constantly ask for a superuser password!

Part of the problem is, you don’t have separate sudoers’ list. This requirement seemed to mixed up su with sudo! On top of that, Windows doesn’t have a “Run As Administrator” command on command line, to automatically elevate permissions. You will have to use “Run As Administrator” menu to run command shell and do anything inside that shell. Imagine, you have to elevate permission in a script!! Not a chance! Luckily, some people wrote some nice tools/scripts that came to the rescue. Elevate is one such command. I used this a lot during installations when we migrated to Windows 7.

So, there you have it. They took a nice security model from Unix, slapped on top of Windows and made it really confusing! But then Windows started as such a free for all environment. The security model is being retro-fitted into the old OS. Eventually, they will get it right!