Getting "You are not allowed to run sudo" error when trying to use sudo #68
Replies: 7 comments 7 replies
-
Did you enable from terminal or in Windows' Settings app? Edit: If you want to enable |
Beta Was this translation helpful? Give feedback.
-
Sudo for Windows doesn't currently support over-the-shoulder elevation (where the admin user is a different user than the current user). I'd suspect that we'll address that when we add support for #3 |
Beta Was this translation helpful? Give feedback.
-
I got this error too, I try to enable group policy setting item: User Account Control: Run all Administrators in Admin Approval Mode. |
Beta Was this translation helpful? Give feedback.
-
That’s only if you don’t have local admin.
…On Wed, Oct 9, 2024 at 3:20 AM AlphaSeb ***@***.***> wrote:
Wow, then this whole feature is pretty useless in any enterprise enviroment
—
Reply to this email directly, view it on GitHub
<#68 (reply in thread)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AJTBRYKJTHHJMWWOULM6OG3Z2TKKBAVCNFSM6AAAAABHB74ZAGVHI2DSMVQWIX3LMV43URDJONRXK43TNFXW4Q3PNVWWK3TUHMYTAOBYHA3TKMQ>
.
You are receiving this because you commented.Message ID:
***@***.***>
|
Beta Was this translation helpful? Give feedback.
-
So you’re expecting it to prompt for credentials?
I know for me it works if the user is part of local admin group on the PC
…On Wed, Oct 9, 2024 at 7:56 AM AlphaSeb ***@***.***> wrote:
False. We have a local admin, protected by LAPS and personalized Admin
Accounts assigned to our Entra ID Device Administrator Role. We also
receive the same error message. It only seems to work if the same user
happens to be also in the Local Admin Group, which is stupid and nobody in
a business context would work like that.
If I type "sudo xyz" I would expect an UAC prompt which I would confirm
with my credentials, not an error message.
—
Reply to this email directly, view it on GitHub
<#68 (reply in thread)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AJTBRYKFKQTV5CGUPP6OXSDZ2UKXZAVCNFSM6AAAAABHB74ZAGVHI2DSMVQWIX3LMV43URDJONRXK43TNFXW4Q3PNVWWK3TUHMYTAOBZGE2TMOA>
.
You are receiving this because you commented.Message ID:
***@***.***>
|
Beta Was this translation helpful? Give feedback.
-
Yeah I think Microsoft’s spirit of sudo is different from Linux. It seems
clear in 24H2 it’s about protecting admin accounts with this and just in
time admin coming at Ignite.
I think it’s good feedback but not sure that’s where they’re going with it
…On Wed, Oct 9, 2024 at 8:06 AM AlphaSeb ***@***.***> wrote:
Sure, it should give an UAC prompt. If you're in the local admin group you
receive a "Yes" "No" prompt. In most enterprise enviroments you'd see a
prompt like that.
image.png (view on web)
<https://github.com/user-attachments/assets/0b80fe26-8d43-4d41-9005-bad38fb5aafd>
—
Reply to this email directly, view it on GitHub
<#68 (reply in thread)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AJTBRYKRKTQUH3FU6VBCLSTZ2UL4NAVCNFSM6AAAAABHB74ZAGVHI2DSMVQWIX3LMV43URDJONRXK43TNFXW4Q3PNVWWK3TUHMYTAOBZGE3DOOA>
.
You are receiving this because you commented.Message ID:
***@***.***>
|
Beta Was this translation helpful? Give feedback.
-
As an aside, other user is on the roadmap just not sure when they’re
planning to release
…On Fri, Oct 11, 2024 at 6:53 AM Fifteen 15 Studios ***@***.***> wrote:
If I type "sudo xyz" I would expect an UAC prompt which I would confirm
with my credentials, not an error message.
This is what I would expect, too. The fact that they released this, and
announced it as a "feature", is laughable. The current implementation is
literally useless.
—
Reply to this email directly, view it on GitHub
<#68 (reply in thread)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AJTBRYNQQ35W343WQFADHHTZ26U3BAVCNFSM6AAAAABHB74ZAGVHI2DSMVQWIX3LMV43URDJONRXK43TNFXW4Q3PNVWWK3TUHMYTAOJRGQYDOMQ>
.
You are receiving this because you commented.Message ID:
***@***.***>
|
Beta Was this translation helpful? Give feedback.
-
I just enabled sudo finally in Windows 11 (version 24H2), and can not get it to work with a non-administrator local account. Im under the impression that I should be able to log into the machine with a normal user account, and from a normal terminal window use sudo to run administratively privileged commands and get prompted for the local administrator account credentials. Am I doing something wrong here?
Beta Was this translation helpful? Give feedback.
All reactions