- For security reasons, the Credentials Cache is no longer 'automatic' by default. It has 3 modes now:
- Disabled: Every elevation request shows a UAC popup.
- Explicit: (default) Every elevation shows a UAC popup, unless a cache session is started/stopped with
gsudo cache on/off. - Auto: Simil-unix-sudo. The first elevation shows a UAC Popup and starts a cache session automatically.
Those who want to see a reduced amount of UAC popups must opt-in to start a cache session (gsudo cache on) or set the Auto mode (gsudo config CacheMode Auto).
-
Are you leaving the keyboard to a co-worker? run
gsudo -kto stop all cache sessions. -
gsudo can not only launch elevated but also unelevate or restrict the permissions of a given command. With the added the
--integrity {level}| (-ifor short) option to launch a process with any integrity level. For example:gsudo -i Low {command}start the process with low integrity, restricted permissions.gsudo -i Medium {command}start with normal permissions. Can be used to unelevate a process.- Only
High(the default) or higher has local admin privileges.
-
Added
gsudo statusto show info regarding the user, elevation, and cache status. -
gsudois now just one singleEXEfile, (noDLLs). (#26) -
New internal method to elevate/unelevate based on replacing the new process security token, instead of (the now deprecated) console attachment/redirection.
Fixes:
- Elevating the
teecommand (or any other awaiting for Std Input closure) now works properly. (#25) - Running gsudo from a mapped drive now works but only if the current directory is local. (#27)
- Improved
Chocolateyscripts upgrade scenarios (#17) - Cache session now closes when the allowed process ends. (#24)