Windows 10's new sandbox feature lets you securely test programs and files downloaded from the Internet by running them in a secure container. It's easy to use, but the settings are in a text-based configuration file.
The Windows Sandbox is easy to use if you have it
This feature is part of the May 2019 update of Windows 10. After you install the update, you must also be running the Professional, Enterprise, or Education edition of Windows 10.
When Sandbox starts, it creates a copy of your current Windows operating system, removes access to your personal folders, and gives you a clean Windows desktop with internet access. Before Microsoft added this configuration file, you could not customize Sandbox at all. If you did not want internet access, you had to disable it right after Sandbox started. If you needed access to files on your host system, you had to copy and paste them into Sandbox. If you wanted certain third-party programs installed, you had to install them after starting Sandbox.
Because Windows Sandbox completely discards the instance when you close it, you had to go through this customization process every time you started it. On the one hand, this makes for a safer system: if something goes wrong, close the sandbox and everything is deleted. On the other hand, if you need to make the same changes regularly, repeating them at every startup quickly gets frustrating.
To resolve this issue, Microsoft has introduced a configuration feature for Windows Sandbox. With XML files, you can start Windows Sandbox with set parameters. You can tighten or relax the restrictions of the sandbox. For example, you can disable the internet connection, configure folders shared with your host copy of Windows 10, or run a script to install applications. The options are somewhat limited in the first version of the Sandbox feature, but Microsoft will likely add more in future Windows 10 updates.
Configuring the Windows Sandbox
This guide assumes that you have already set up Sandbox for general use. If you have not already done so, you must first enable it in the Windows Features dialog box.
To get started, you need Notepad or your favorite text editor (we like Notepad++) and a blank new file. You will create an XML file for the configuration. Familiarity with the XML markup language is helpful, but not required. When you save your file, give it the .wsb extension (think Windows Sandbox). Double-clicking the file starts Sandbox with the specified configuration.
As explained by Microsoft, you have several options to choose from when configuring the sandbox. You can enable or disable the vGPU (virtualized GPU), turn the network on or off, specify a shared host folder, set read / write permissions for this folder, or run a script on startup.
This configuration file allows you to disable the virtualized GPU (enabled by default), disable the network (enabled by default), specify a shared host folder (sandbox apps do not have access by default), set read/write permissions for that folder, and/or run a script at startup.
First open Notepad or your favorite text editor and start with a new text file. Add the following text:
All options that you add must be between these two parameters. You can add just one option or all of them; you do not have to add every single option. If you do not specify an option, the default value is used.
Disable Virtual GPU or Network
As Microsoft points out, enabling the virtual GPU or the network makes it easier for malicious software to break out of the sandbox, so if you're testing something you are particularly worried about, it might be a good idea to disable them.
To disable the virtual GPU that is enabled by default, add the following text to your configuration file:
To disable network access, which is enabled by default, add the following text:

<Networking>Disable</Networking>
How to Map a Folder
To map a folder, you must specify exactly which folder you want to share, and then specify whether the folder should be read-only or not.
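A folder mapping looks like this:

<MappedFolders>
  <MappedFolder>
    <HostFolder>C:\Users\Public\Downloads</HostFolder>
    <ReadOnly>true</ReadOnly>
  </MappedFolder>
</MappedFolders>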
In HostFolder you list the specific folder that you want to share. The above example shares the Public Downloads folder found on Windows systems.
ReadOnly determines whether the sandbox can write to the folder or not. Set it to true to make the folder read-only, or to false to make it writable.
Be aware that mapping a folder between your host and Windows Sandbox puts your system at risk. Giving the sandbox write access increases this risk. If you are testing anything that you believe is malicious, you should not use this option.
Running a Script at Startup
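Finally, you can run custom scripts or basic commands. For example, you can force the sandbox to open a mapped folder at startup. A file that does this would look like this:

<Configuration>
  <MappedFolders>
    <MappedFolder>
      <HostFolder>C:\Users\Public\Downloads</HostFolder>
      <ReadOnly>true</ReadOnly>
    </MappedFolder>
  </MappedFolders>
  <LogonCommand>
    <Command>explorer.exe C:\users\WDAGUtilityAccount\Desktop\Downloads</Command>
  </LogonCommand>
</Configuration>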
WDAGUtilityAccount is the default user for Windows Sandbox, so you will always reference it when you open folders or files as part of a command.
Unfortunately, in the near-release version of Windows 10's May 2019 update, the LogonCommand option does not work as intended. It did not do anything, even when we used the example in the Microsoft documentation. Microsoft will probably fix this error soon.
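An added example (not from the original article): a small Python check that reads a .wsb file and reports the settings this guide flags as risky, namely an enabled vGPU or network, mapped host folders (writable ones especially), and any logon command. The element names follow Microsoft's Windows Sandbox configuration schema; the sample files, the audit_wsb function, and treating a missing ReadOnly as writable are assumptions of this example.

```python
import xml.etree.ElementTree as ET

# Constructed sample .wsb contents for this example (not from the original article).
HARDENED = r"""<Configuration>
  <VGpu>Disable</VGpu>
  <Networking>Disable</Networking>
  <MappedFolders>
    <MappedFolder>
      <HostFolder>C:\Users\Public\Downloads</HostFolder>
      <ReadOnly>true</ReadOnly>
    </MappedFolder>
  </MappedFolders>
</Configuration>"""

RELAXED = r"""<Configuration>
  <MappedFolders>
    <MappedFolder>
      <HostFolder>C:\Users\Public\Downloads</HostFolder>
      <ReadOnly>false</ReadOnly>
    </MappedFolder>
  </MappedFolders>
  <LogonCommand>
    <Command>explorer.exe C:\users\WDAGUtilityAccount\Desktop\Downloads</Command>
  </LogonCommand>
</Configuration>"""

def audit_wsb(xml_text):
    """Return a list of findings for settings that widen the sandbox boundary."""
    root = ET.fromstring(xml_text)
    if root.tag != "Configuration":
        raise ValueError("root element must be <Configuration>")
    findings = []
    # An omitted option keeps its default; vGPU and networking default to enabled.
    for tag, label in (("VGpu", "virtual GPU"), ("Networking", "network")):
        value = (root.findtext(tag) or "").strip().lower()
        if value != "disable":
            findings.append(f"{label} enabled")
    for folder in root.iterfind("MappedFolders/MappedFolder"):
        host = (folder.findtext("HostFolder") or "").strip()
        # Assumption of this example: a missing ReadOnly is treated as writable.
        read_only = (folder.findtext("ReadOnly") or "false").strip().lower() == "true"
        findings.append(f"host folder shared {'read-only' if read_only else 'WRITABLE'}: {host}")
    command = (root.findtext("LogonCommand/Command") or "").strip()
    if command:
        findings.append(f"logon command: {command}")
    return findings

if __name__ == "__main__":
    print(audit_wsb(HARDENED), audit_wsb(RELAXED), sep="\n")
```

Run it over a .wsb file before double-clicking it, especially one you downloaded rather than wrote yourself.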
How to Start Sandbox with Your Settings
Save your file and give it a .wsb file extension. For example, if your text editor saves it as Sandbox.txt, save it as Sandbox.wsb. To start the Windows Sandbox with your settings, double-click the .wsb file. You can put it on your desktop or create a shortcut in the Start menu.
You can download this DisabledNetwork file to save some steps. The file has a TXT extension; rename it with a WSB file extension, and you can start Windows Sandbox.