-
Notifications
You must be signed in to change notification settings - Fork 8.4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Open 'powershell as administrator' tabs (as a profile type) #691
Comments
I'm not sure the ConPTY support is quite there yet, see #332 |
Isn't there a risk of elevation of privileges leaking to other tabs? I could be wrong but I suppose that to be able to run a powershell tab as administrator, the whole Terminal app would need to also be elevated. Are there ways to prevent that? |
There are ways to do it, but it's not trivial: https://github.com/parkovski/wsudo |
Without implementing a per command UAC elevation similar to 'nix's Sudo for all the various consoles and WSL - I think a Process per Tab implementation, with a UAC prompt on profile adding would be sensible. It will require security protection and all the careful coding needed to make it possible, so may not be an achievable V1 goal. |
This is a dupe of #632, so I'll redirect discussion there. |
Wouldn't it be possible to change the |
Have been using ConEmu for years, which supports a mix of elevated and non-elevated tabs. I was thinking Windows Terminal would be a good alternative, but I don't want to run 2 instances when I can run just 1 ConEmu instance. |
All: there's no doubting that various other apps have the ability to run elevated instances inside them, the reason Microsoft haven't added this feature for Terminal yet is that's there's a security risk within Windows of doing so. The other apps have that security risk, Microsoft for good reason don't want to expose their users. With any luck Microsoft folk might fix Windows itself to allow elevated subprocesses (which may be very difficult), but otherwise the best best is for some other solution (eg, the ability to spawn a separate elevated window being easier) |
@ckasabula Thanks for the feedback, but we won't be allowing mixed elevated and unelevated instances in the same window, because it presents too large a security risk. You can refer to this thread: #632 (comment) for more details. ConEmu can offer that functionality and accept that risk, but unfortunately we can't. |
Try gsudo as workaround. |
it's the first time that I'm using Windows Terminal. Really nice to have PowerShell and WSL in a terminal. But I still don't understand why I can't have a tab with PowerShell as Administrator. In my taskbar I have Powershell pinned there and I right click on it.. Open as Administrator. Why can I have the same thing with Windows Terminal ? I'm never using powershell and cmd.exe in normal user. |
@survivant I mean, you can definitely open the Terminal as an administrator: We're just not going to let you put elevated instances inside an unelevated window. There's a bunch of other quality-of-life improvements for running the terminal elevated we've got planned over in #8455. |
kudos to @dranovsk for the gsudo mention! Just create a new windows terminal tab, for ex. PowerShell (Admin) Also, to distinguish the tab from the regular PowerShell, here's an icon with red powershell |
I understand there's a potential security risk of running elevated console tabs inside a non-elevated Windows Terminal. But what about enabling the opposite workflow? As long as Windows Terminal was launched with elevated privileges then why not allow for additional non-elevated console tabs to be created? |
I get:
To fix it, instead just change either the "Command line" box in the settings to read, |
Thanks to @PanosGreg for this tip! FYI: If you're using Powershell 7.x (aka Powershell Core, pwsh) you'll want to use |
Thanks so much for the Tip: after doing the above you have to also restart Terminal if you've had it running while installing Chocolatey + gsudo. |
@ylluminate This is completely unfounded and absolutely incorrect. Balancing intuitiveness/easy of use and security is a delicate dance, and one that Microsoft does far better in the last ten to fifteen years than Apple ever has. The reason you're seeing Apple leaning this way now too is that they too are coming to grips with this balance. |
@oising after 30 years of experience in this area I'm allowed to disagree with you and could also demonstrably say that you're wrong with unequivocal refutation, but we'll stop this now before it get's too hot in here. |
You can disagree with me anyway you wish, but it's less convincing if you attempt to do so via argumentum ad verecundiam ;) Have a nice day. |
@oising do you really want to do this here? I fully perceive you as doing exactly the same thing with regards to |
This seems to be a classic tactic: firing another salvo while saying "This will be the last one -- I do not expect you to respond" is clearly bait and that sort of behavior is not one I'm ready to tolerate in my repository. If you want to have a disagreement, do so in a fundamental and evidence-based way. This project wouldn't exist if we weren't working to address the needs of developers in our ecosystem. Refute that if you'd like, but we've gotten here against all the odds by making our case to the people in the company who would hear us. |
It's pretty frequent for Windows users to need 'powershell as administrator'.
Rather than opening a second instance of Windows Terminal via the Start Menu, it would be better to allow the 'down' menu to include powershell as administrator (by making it a profile type):
The text was updated successfully, but these errors were encountered: