قالب وردپرس درنا توس
Home / Tips and Tricks / How to configure Windows Sandbox

How to configure Windows Sandbox



  Windows sandbox run

With Windows 10's new Sandbox feature, you can safely test programs and files downloaded from the Internet by running them in a secure container. It is easy to use, but its settings are buried in a text-based configuration file.

Windows Sandbox is easy to use if you have it

This feature is part of the Windows 1

0 May 2019 update. After you install the update, you also need to use the Professional, Enterprise, or Education editions of Windows 10. It is not available on Windows 10 Home. But if it is available on your system, you can easily activate the Sandbox function and then start it from the Start menu.

RELATED: How to use Windows 10's new sandbox (to safely test programs)

Sandbox will launch, make a copy of your current Windows operating system, remove access to your personal folders and give you a clean Windows desktop with internet connection. Before Microsoft added this configuration file, you could not customize the Sandbox at all. If you do not want access to the internet, you normally have to disable it immediately after the start. If you needed access to files on your host system, you had to copy and paste them into the Sandbox. And if you want to install some third-party applications, you need to install them after starting the Sandbox.

Because Windows Sandbox deletes its instance completely when it is closed, you have to go through the customization process every time you start. On the one hand, it provides a safer system. If something goes wrong, close the sandbox and everything will be deleted. On the other hand, if you need to make changes regularly, you need to do so on each launch quickly.

To alleviate that problem, Microsoft introduced a Windows Sandbox configuration feature. With the help of XML files, you can start Windows Sandbox with set parameters. You can tighten or loosen the sandbox's limitations. For example, you can disable the Internet connection, configure shared folders with your host copy of Windows 10, or run a script to install programs. The options are a bit limited in the first version of the Sandbox feature, but Microsoft will probably add more to future updates to Windows 10.

How to configure Windows Sandbox

  Windows Sandbox Explorer and Host System Explorer show a shared file
Your sandbox copy of Windows 10 may have access to a shared folder on your host operating system.

This guide assumes that you have already set up Sandbox for general use. If you haven't done so yet, you must first activate it with the Windows Features dialog box.

To get started, you need Notepad or your favorite text editor – we like Notepad ++ – and an empty new file. You create an XML file for configuration. While acquaintance with the XML encoding language is useful, it is not necessary. Once you've got your file in place, it is saved with a .wsb extension (think of the Windows Sand Box.) Double-click on the file, the Sandbox starts with the specified configuration.

As explained by Microsoft, you have several options to choose from when configuring the sandbox. You can enable or disable vGPU (virtualized GPU), switch the network on or off, set a common host folder, set read / write permissions in that folder, or run a script at startup.

This configuration file can disable the virtual GPU (it is enabled by default), turn off the network (it is default), enter a shared host folder (sandboxed apps do not access anyone by default), set read – / write permissions in that folder, and / or run a script at launch

First, open notebooks or your favorite text editor and start with a new text file. Add the following text:

 


All options you add must be between these two parameters. You can only add one or all of them – you don't need to include each individual. If you do not specify an option, the default value will be used.

<img class = "alignnone wp-image-412181 size-covering" data-pagespeed-lazy-src = "https: //www.howtogeek.com / wp-content / uploads / 2019/04 / xConfiguration-brackets.png .pagespeed.gp + jp + jw + pj + ws + js + rj + rp + rw + ri + cp + md.ic.LEjn-ADeSc. png "alt =" Notepad showing ” width=”650″ height=”300″ src=”/pagespeed_static/1.JiBnMqyl6S.gif” onload=”pagespeed.lazyLoadImages.loadIfVisibleAndMaybeBeacon(this);” onerror=”this.onerror=null;pagespeed.lazyLoadImages.loadIfVisibleAndMaybeBeacon(this);”/>

How to disable the virtual GPU or network

As Microsoft points out, with the virtual GPU or Networking enabled, the pathways that malicious software can use to break out of the sandbox are increasing, so if you're testing something you're particularly worried about

To disable the virtual GPU enabled by default, add the following text to your configuration

  Disable 

  Disable </VGpu></p>
<p><img class= [Disable

  19659010] How to map a folder 

For To map a folder, you must specify exactly which folder you want to share and specify whether or not the folder should be read-only.

Folder a Folder Looks Like:



  C: Users Public Downloads 
  true 


HostFolder is where you list the specific folder you want to share. In the above example, the Public Download folder is shared on Windows systems. ReadOnly indicates whether the Sandbox can write to the folder or not. Set it to true to make the folder read-only or false to make it writable.

Just be aware that you are essentially at risk for your system by linking a folder between your host and the Windows Sandbox. Giving Sandbox write access increases the risk. If you are testing something you think might be harmful, you should not use this option.

How to run a script at startup

Finally, you can run custom scripts or basic commands. For example, you can force the Sandbox to open a mapped folder at the launch. Creating that file looks like this:



  C: Users Public Downloads 
  true 



  explorer.exe C: users WDAGUtilityAccount Desktop Downloads 

WDAGUtilityAccount is the default user for the Windows Sandbox, so you will always refer to that when opening folders or files as part of a command.

Unfortunately, the option does not see LogonCommand in the almost released building of Windows 10's May 2019 update to work as intended. It did nothing at all, even when we used the example in Microsoft's documentation. Microsoft is likely to fix this error soon.

 note file showing the logon command

How to start the Sandbox with your settings

When done, save the file and give it a .wsb file extension. For example, if your text editor saves it as Sandbox.txt, save it as Sandbox.wsb. To start the Windows Sandbox with your settings, double-click the .wsb file. You can place it on the desktop or create a shortcut to it on the Start menu.

 configuration files in file explorer

For your convenience, download this DisabledNetwork file to save you a few steps. The file has a txt extension, renames it with a .wsb extension, and you are ready to start the Windows Sandbox.




Source link