قالب وردپرس درنا توس
Home / Tips and Tricks / How to Configure the Windows Sandbox

How to Configure the Windows Sandbox



  Windows Sandbox is Running

Windows 10's new sandbox feature lets you securely test programs and files downloaded from the Internet by running them in a secure container. It's easy to use, but the settings are in a text-based configuration file.

The Windows Sandbox is easy to use if you have it

This feature is part of the May 2019 update of Windows 10. After you install the update, you must also have the Professional, Enterprise, or Use Education editions of Windows 1

0. It is not available on Windows 10 Home. However, if it's available on your system, you can easily enable the sandbox feature and launch it from the Start menu.

CONNECTION: How to Use the New Windows 10 Sandbox (for Safe Testing of Apps)

Sandbox is started, creates a copy of your current Windows operating system, removes and gives access to your personal folders a clean windows desktop with internet access. Before Microsoft added this configuration file, you could not customize Sandbox at all. If you do not want Internet access, you usually had to disable it right after it started. If you need access to files on your host system, you must copy and paste them into Sandbox. If you want to have certain third-party programs installed, you must install them after starting Sandbox.

Because Windows Sandbox completely drops the instance when closing the instance, you had to go through this customization process every time it was started. On the one hand, this leads to a safer system. If something goes wrong, close the sandbox and everything will be deleted. However, if you need to make regular changes, it will quickly get frustrating every time you start up.

To resolve this issue, Microsoft has introduced a configuration feature for Windows Sandbox. With XML files, you can start Windows Sandbox with set parameters. You can tighten or relax the restrictions of the sandbox. For example, you can disable the Internet connection, configure folders shared with your host copy of Windows 10, or run a script to install applications. The options are somewhat limited in the first version of the Sandbox feature, but Microsoft will likely add more Windows 10 updates in future updates.

Configuring the Windows Sandbox

  Windows Sandbox Explorer and Host System Explorer View a Shared File
Your sandbox copy of Windows 10 may access a shared folder on your host operating system.

This guide assumes that you have already set up Sandbox for general use. If you have not already done so, you must first enable it in the Windows Features dialog box.

To get started, you need Notepad or your favorite text editor (we like Notepad ++) and a blank new file. You create an XML file for configuration. Familiarity with the XML encoding language is helpful, but not required. If you have saved your file, save it with the .wsb extension (think of Windows Sandbox.) Double-clicking the file starts Sandbox with the specified configuration.

As explained by Microsoft, you have several options to choose from when configuring the sandbox. You can enable or disable the vGPU (virtualized GPU), turn the network on or off, specify a shared host folder, set read / write permissions for this folder, or run a script on startup.

This configuration file allows you to disable the virtualized GPU (enabled by default), disable the network (enabled by default), specify a shared host folder (sandbox apps do not have access by default), set read / write permissions for it Make folder fixed and / or execute a script at startup

First open Notepad or your favorite text editor and start with a new text file. Add the following text:

 


All options that you add must be between these two parameters. You can only add one or all options – you do not have to add every single option. If you do not specify an option, the default value is used.

<img class = "alignnone wp-image-412181 size-full" src = "https://www.howtogeek.com/wp-content/ uploads / 2019/04 / xConfiguration-brackets.png.pagespeed.gp + jp + jw + pj + ws + js + rj + rp + rw + ri + cp + md.ic.LEjn-ADeSc.png "alt =" Notepad Display ” width=”650″ height=”300″/>

Disable Virtual GPU or Network

As Microsoft points out, enabling the virtual GPU or the network increases the ability of malicious software to break out of the sandbox, so if you're testing something that's particularly troublesome, it might be a good idea to disable them.

To disable the virtual GPU that is enabled by default, add the following text to your configuration file:

  Disable 

  Adding the Disable Virtual GPU Command

Disable the default enabled network access, add the following text: [19659026] Disable

  Adding Disable Network Command

How to Map a Folder

To map a folder, you must specify exactly which folder you want to share, and then specify whether the folder should be read-only or not.

The assignment of a folder looks like this: [19659031] C: Users Public Downloads
true

In HostFolder you list the specific folder that you want to share. The above example releases the public download folder found on Windows systems. ReadOnly determines whether sandbox can write to the folder or not. Set to to make the folder read-only, or to to make it writable.

Be aware that linking a folder puts your system at risk between your host and the Windows Sandbox. Write access to Sandbox increases this risk. If you test everything that you believe is harmful, you should not use this option.

Running a Script at Startup

Finally, you can run custom scripts or basic commands. For example, you can force the sandbox to open a mapped folder at startup. Creating this file would look like this:



  C:  Users  Public  Downloads 
  true 



  explorer.exe C:  users  WDAGUtilityAccount  Desktop  Downloads 

WDAGUtilityAccount is the default user for Windows Sandbox will always refer to it when you open folders or files as part of a command.

Unfortunately, in the near release of Windows 10s update from May 2019, the option LogonCommand does not work as intended. It did not do anything, even if we used the example in the Microsoft documentation. Microsoft will probably fix this error soon.

 Notepad file with login command

To start Sandbox with your settings

Save your file and give it a .wsb file extension. For example, if your text editor saves it as Sandbox.txt, save it as Sandbox.wsb. To start the Windows Sandbox with your settings, double-click the .wsb file. You can put it on your desktop or create a shortcut in the Start menu.

 Configuration Files in File Explorer

You can download this DisabledNetwork file to save some steps. The file has a TXT extension, renames it to a WFS file extension, and you can start Windows Sandbox.




Source link