Sudowin, run programs on standard user accounts with elevated privileges

Windows Vista and above versions have a new technology called UAC( User Account Control), It aims to improve the security of Microsoft Windows by limiting application software to standard user privileges until an administrator authorizes an increase or elevation. In this way, only applications trusted by the user may receive administrative privileges, and malware should be kept from compromising the operating system. In other words, a user account may have administrator privileges assigned to it, but applications that the user runs do not inherit those privileges unless they are approved beforehand or the user explicitly authorizes it.

 

Sudo for Windows (sudowin) allows authorized users to launch processes with elevated privileges using their own passphrase. Unlike the runas command, Sudo for Windows preserves the user’s profile and ownership of created objects.
This software is very useful when we want to run a program on a standard user account and program released by an unknown publisher.
We follow installation instruction together:

1.      Download Sudowin from this link: http://sourceforge.net/projects/sudowin/files/latest/download
2.      Login to windows by an administrator account and MSI package to start installation (Figures 1-4):
 

 

1
Figure 1
 
 
2
Figure 2
3
Figure 3
4
Figure 4
 3.      After installation is complete, a new group added to local computer, group name is “Sudoers” (Figure 5):

5
Figure 5

 

4.       Add user account to the Sudoers group (Figure 6):
 
6
Figure 6
 
5.       Logoff and login to windows by this user.
6.       Right click on executable file and click on “Sudo” (Figure 7), a dialog windows will be shown (Figure 8):
 
7
Figure 7
 
 
8
Figure 8
 
 
7.       In first run you must enter your password but in next runs you don’t need to enter password. After enter password your application will run by administrative privilege and even you can install software by standard user accounts.
Sudo can be used as a command prompt command, open CMD and type “sudo” (Figure 9), for example:
       sudo c:\windows\system32\taskmgr.exe
The above command will run “Task Manager” by administrative privilege.
 
9
Figure 9

 

Caution:
Sudowin is very useful program but it is high risk for an administrator because user can run any program, any program is contains malware, spyware, virus and etc. Also user can run mmc (Microsoft Management Console) and change local setting for example user can run mmc with “Local users and groups” snap-in and add his/her user to Administrators group.
It’s not recommended when your user have experience on computer since and use it if you can’t do your task by any other ways. Please see test video.
 

 

Davoud Teimouri

Professional blogger, vExpert 2015/2016/2017/2018/2019/2020/2021/2022/2023, vExpert NSX, vExpert PRO, vExpert Security, vExpert EUC, VCA, MCITP. This blog is started with simple posts and now, it has large following readers.

2 Responses

  1. Vishal Agarwal says:

    Please guide me with the setup in windows 10.
    I need to grant admin privileges to users on a particular folder and all the files inside it. (It contains some executables that need to to be run as admin)
    If you can provide the sudoers.xml file, it will help a lot.

Leave a Reply

Your email address will not be published. Required fields are marked *