Policy
Configure the behavior of the sudo command
Windows 11 25H2
Policy overview
Key metadata and intent for this policy.
Supported OS tags: Windows11
This policy setting controls use of the sudo.exe command line tool. If you enable this policy setting, then you may set a maximum allowed mode to run sudo in. This restricts the ways in which users may interact with command-line applications run with sudo. You may pick one of the following modes to allow sudo to run in: "Disabled": sudo is entirely disabled on this machine. When the user tries to run sudo, sudo will print an error message and exit. "Force new window": When sudo launches a command line application, it will launch that app in a new console window. "Disable input": When sudo launches a command line application, it will launch the app in the current console window, but the user will not be able to type input to the command line app. The user may also choose to run sudo in "Force new window" mode. "Normal": When sudo launches a command line application, it will launch the app in the current console window. The user may also choose to run sudo in "Force new window" or "Disable input" mode. If you disable this policy or do not configure it, the user will be able to run sudo.exe normally (after enabling the setting in the Settings app).
Registry values
How enabled and disabled states update the registry.
No explicit registry values are set for enabled or disabled states.
Policy elements
Inputs and configuration options exposed by this policy.
| Element | Type | Registry mapping | Constraints & behavior |
|---|---|---|---|
Maximum allowed sudo mode ID SudoModes | enum | HKLM\Software\Policies\Microsoft\Windows\Sudo\Enabled Type REG_DWORD | Options: Disabled (0), Force new window (1), Disable input (2), Normal (3) |
Other policies in this category
Explore related policies at the same level.
- ComputerActivate Shutdown Event Tracker System State Data featureWindows Server 2003 only
- ComputerAllow Distributed Link Tracking clients to use domain resourcesWindows Server 2003, Windows XP, and Windows 2000 only
- UserCentury interpretation for Year 2000At least Windows 2000
- UserCustom User InterfaceAt least Windows 2000
- ComputerDisplay highly detailed status messagesAt least Windows 2000
- ComputerDisplay Shutdown Event TrackerAt least Windows Server 2003 operating systems or Windows XP Professional
- ComputerDo not automatically encrypt files moved to encrypted foldersAt least Windows 2000
- ComputerDo not display Manage Your Server page at logonAt least Windows Server 2003
- UserDo not display the Getting Started welcome screen at logonWindows 2000 only
- ComputerDo not turn off system power after a Windows system shutdown has occurred.At least Windows Server 2003 operating systems or Windows XP Professional with SP1
- UserDon't run specified Windows applicationsAt least Windows 2000
- ComputerDownload missing COM componentsAt least Windows 2000