- For security reasons, the Credentials Cache is no longer 'automatic' by default. It has 3 modes now:
- Disabled: Every elevation request shows a UAC popup.
- Explicit: (default) Every elevation shows a UAC popup, unless a cache session is started/stopped with
gsudo cache on/off
. - Auto: Simil-unix-sudo. The first elevation shows a UAC Popup and starts a cache session automatically.
Those who want to see a reduced amount of UAC popups must opt-in to start a cache session (gsudo cache on
) or set the Auto
mode (gsudo config CacheMode Auto
).
-
Are you leaving the keyboard to a co-worker? run
gsudo -k
to stop all cache sessions. -
gsudo can not only launch elevated but also unelevate or restrict the permissions of a given command. With the added the
--integrity {level}
| (-i
for short) option to launch a process with any integrity level. For example:gsudo -i Low {command}
start the process with low integrity, restricted permissions.gsudo -i Medium {command}
start with normal permissions. Can be used to unelevate a process.- Only
High
(the default) or higher has local admin privileges.
-
Added
gsudo status
to show info regarding the user, elevation, and cache status. -
gsudo
is now just one singleEXE
file, (noDLLs
). (#26) -
New internal method to elevate/unelevate based on replacing the new process security token, instead of (the now deprecated) console attachment/redirection.
Fixes:
- Elevating the
tee
command (or any other awaiting for Std Input closure) now works properly. (#25) - Running gsudo from a mapped drive now works but only if the current directory is local. (#27)
- Improved
Chocolatey
scripts upgrade scenarios (#17) - Cache session now closes when the allowed process ends. (#24)