How-to-Configure-the-Windows-Sandbox

In this article, you will learn How to Configure the Windows Sandbox?

Windows 10’s new Sandbox feature lets you secure test programs and files downloaded from the internet by running them in a secure container. It’s easy to use, but its settings are buried in a content-based or text-based configuration file.

If You Have Windows Sandbox its Easy to Use

This feature is part of Windows 10’s 2019 May Update. Once you have installed the windows update, you will also have to be using the Professional, Enterprise, or Education editions of Windows 10. This feature is not available on Windows 10 Home. But, if it is available on your system, you can easily activate the Sandbox feature and then from the Start menu launch it.

How to Configure Windows the Sandbox

How to Configure Windows Sandbox

To get started, you will need Notepad or your any text editor—we like Notepad++—and a blank new file. You will be creating an XML file for configuration. While familiarity with the XML coding language is helpful. Once you have your file in place, you will save it with the extantion .wsb (think Windows Sand Box.) Double-click the file will launch Sandbox with the specified configuration.

As explained by Microsoft, you have several options to choose when the configuring the Sandbox.  You can enable or disable the vGPU (virtualized GPU), toggle the network on or off, specify a shared host folder, set read/write permissions on that folder, or run a script on launch.

By Using this configuration file, you can disable the virtualized GPU (it’s enabled by default), toggle the network off (it’s on by default), specify a shared host folder (sandboxed apps don’t have access to any by default), set read/write permissions on that folder, and/or run a script at launch

The first step, open the Notepad or your favorite text editor and start with a new text file. Add the following text on it:

<Configuration> 
</Configuration>

Note:
All the options you want to add must be between these two parameters. You can add just one option or all of them—you don’t have to include every single one. If you don’t specify an option, the default will be used.

How to Configure Windows Sandbox

How to Disable the
Networking or Virtual GPU

As per Microsoft points out, having the virtual GPU or Networking enabled to increases the avenues malicious software can use to break out of the sandbox. So if you are testing something you are particularly worried about it, it might be wise to disable them.

if you want to disable the virtual GPU, which is enabled by default, then add the following text to your configuration file.

<VGpu>Disable</VGpu>
How to Disable the Virtual GPU

if want to disable network access, which is enabled by default, add the following text.

<Networking>Disable</Networking>
How to Disable the  
Networking

How to Map a Folder

If you want to map a folder you will need to detail out exactly what folder you want to share, and then specify whether the folder should be read-only or not.

Mapping a folder looks like this:

<MappedFolders>
<MappedFolder>
<HostFolder>C:\Users\Public\Downloads</HostFolder>
<ReadOnly>true</ReadOnly>
</MappedFolder>
</MappedFolders>

HostFolder is where you list the specific folder you would like to share. In the above example, the Public Download folder found on Windows systems is being shared. ReadOnly sets whether Sandbox can write to the folder or not. Set it to true to make the folder read-only or false to make it writable.

Be aware, you are essentially introducing risk to your system by linking a folder between your host and Windows Sandbox. Giving Sandbox write access increases that risk. If you’re testing anything you think may be malicious, you should not use this option.

How to Run a Script at Launch

Finally, run custom created scripts or basic commands. You could, for instance, force the Sandbox to open a mapped folder upon launch. Creating that file would look like this:

<MappedFolders>
<MappedFolder>
<HostFolder>C:\Users\Public\Downloads</HostFolder>
<ReadOnly>true</ReadOnly>
</MappedFolder>
</MappedFolders>
<LogonCommand>
<Command>explorer.exe C:\users\WDAGUtilityAccount\Desktop\Downloads</Command>
</LogonCommand>

WDAGUtilityAccount is the default user for Windows Sandbox, so you will always reference that when opening folders or files as part of a command.

Unfortunately, in the near-release build of Windows 10’s May 2019 Update, the LogonCommandoption does not appear to be working as intended. It did not do anything at all, even when we used the example in Microsoft’s documentation. Microsoft will likely fix this bug soon.

How to Run a Script at Launch

How to Launch Sandbox With Your Custom Settings

After you are done, save your file and give it a file extension .wsb. For example, if your text editor saves it as Sandbox.txt, save it to as Sandbox.wsb. To launch the Windows Sandbox with your settings, double-click the .wsb file. You can place it on your desktop or create a shortcut to it in the Start menu.

How to Launch Sandbox

You can download this DisabledNetwork file to save you a few steps. The file has a txt extension, rename it with a .wsb file extension, and you are ready to launch Windows Sandbox.

How to Configure the Windows Sandbox? Write comments about this article.

How to Configure the Windows Sandbox How to Configure the Windows Sandbox How to Configure the Windows Sandbox How to Configure the Windows Sandbox How to Configure the Windows Sandbox How to Configure the Windows Sandbox How to Configure the Windows Sandbox

How to Configure the Windows Sandbox

Leave a Reply

Your email address will not be published. Required fields are marked *