How Windows Sandbox config files work - gHacks Tech News

How Windows Sandbox config files work

Microsoft is working on Windows Sandbox, a sandboxed environment for the Windows operating system, currently.

The feature is being tested in Windows 10 Insider Builds currently and it is possible that Windows Sandbox will find its way into Windows 10 version 1903.

The initial version of Windows Sandbox was quite basic: users could launch it on Windows 10 devices and use it, but that was about the scope of it.

Sandbox Config files

SandboxConfigFile

Starting with the latest builds, it is now possible to use config files to customize certain aspects. Config file support is basic at this point but it allows administrators and users to launch apps or scripts automatically in the sandbox. In other words: you may run something in the sandboxed environment automatically.

The config files use XML and have the extension .wsb. You may run any .wsb file with a double-click or by running it from the command line or by using scripts.

Windows Sandbox .wsb scripts support the following configuration options currently:

  • Enable or disable the virtualized GPU.
  • Enable or disable networking in the sandbox.
  • Share folders from the host.
  • Run a startup script or program.

Most options are straightforward at this point in time.

Virtualized GPU

  • <VGpu>Disable</VGpu> -- Disables virtual GPU support in the sandbox. Software rendering will be used.
  • <VGpu>Enable</VGpu> -- Enables virtual GPU support.

Networking:

  • <Networking>Disable</Networking> -- Disables networking in the sandbox.
  • <Networking>Enable</Networking> -- Enables networking in the sandbox.

Shared Folders:

<MappedFolder>
<HostFolder>path to the host folder</HostFolder>
<ReadOnly>value</ReadOnly>
</MappedFolder>

You need to specify a folder that you want to share with the host system, e.g. c:\virtual, and whether you want it to be read-only or support write operations as well.

ReadOnly values are true (make it read-only) or false (read and write support).

Note that folders are always mapped under the path C:\Users\WDAGUtilityAccount\Desktop.

Command on Logon

<LogonCommand>
<Command>The command</Command>
</LogonCommand>

You may specify a file name and path or a script. The command explorer.exe would work, as would reference to a script, e.g. C:\users\wdagutilityaccount\desktop\test\start.cmd.

Example XML file

<Configuration>
<VGpu>Disable</VGpu>
<Networking>Disable</Networking>
<MappedFolders>
<MappedFolder>
<HostFolder>C:\Users\Martin\Downloads</HostFolder>
<ReadOnly>true</ReadOnly>
</MappedFolder>
</MappedFolders>
<LogonCommand>
<Command>explorer.exe C:\users\WDAGUtilityAccount\Desktop\Downloads</Command>
</LogonCommand>
</Configuration>

Save the file as something.wsb and launch it whenever you want to run the sandbox with this configuration. It is pretty basic: disables the virtual GPU and networking, maps the Downloads folder of the user account Martin, and launches File Explorer in the sandbox that displays the Downloads folder.

Closing Words

Config file support extends Windows Sandbox functionality significantly as you may use these files to share folders with the sandbox and run scripts. You could use it to map a downloads folder and run downloaded files in the sandbox for that extra bit of security.

We will update the guide when new features are introduced.

Now You: What is your take on the Windows Sandbox so far? What would you like to see?

Summary
How Windows Sandbox config files work
Article Name
How Windows Sandbox config files work
Description
The guide lists all available configuration options for Windows Sandbox to customize the environment, e.g. by launching scripts.
Author
Publisher
Ghacks Technology News
Logo
Advertisement

We need your help

Advertising revenue is falling fast across the Internet, and independently-run sites like Ghacks are hit hardest by it. The advertising model in its current form is coming to an end, and we have to find other ways to continue operating this site.

We are committed to keeping our content free and independent, which means no paywalls, no sponsored posts, no annoying ad formats or subscription fees.

If you like our content, and would like to help, please consider making a contribution:


Previous Post: «
Next Post: »

Comments

  1. Paul(us) said on February 22, 2019 at 12:55 pm
    Reply

    That they reduce memory use.
    I know that not so powerful hardware should be able to run the Sandbox.
    And I also know that they are trying to let Windows automatically take back the memory used by (from) the sandbox but main understanding is, that you need at least 8Gb Ram for only the Sandbox to run perfectly smooth.

    But when on the other hand when you want to run together at the same time with the Sandbox one – or more outer not Sandbox programs you will need at least 16 GB Ram I have read and I also reading already discussions, that 32 GB Ram is even better to run multiple applications next to each other perfectly smoothly, when there will be any use of the page file (hickups/stop of use), file transferring or swapping going on.

  2. Mike said on February 22, 2019 at 5:23 pm
    Reply

    Does Windows Sandbox supports GPU Passthrough / running games ?

  3. Anonymous said on February 23, 2019 at 4:10 am
    Reply

    Wild guess is it will be full of bugs.

    1. noemata said on February 23, 2019 at 10:10 am
      Reply

      how to isolate something on the top of a system that is in its base the opposite of an isolated system. backdoors everywhere. possibly better protection against dangerous 3rd party software, but not against the dangerous operating system itself on which the (proprietary) container is running. “windows – sandbox” .. yet another contradiction in itself. the whole os itself must be container. and much more.

  4. Rossco said on February 25, 2019 at 11:01 am
    Reply

    Gnome Boxes does the job, run legacy Windows 10 as a KVM guest, sans any networking.

  5. Sterling said on April 12, 2019 at 7:54 am
    Reply

    Anyone else unable to get a script to run? Sandbox opens the same way regardless of script or not. But the batch file isn’t being executed apparently.

  6. John Hind said on May 26, 2019 at 3:58 pm
    Reply

    Just received this long-awaited feature in the release version.

    What a letdown Microsoft! First as predicted by Anonymous above, it is buggy as hell. It won’t let me type in the search box in the taskbar! Although I can cut and paste files into the sandbox, I cannot drag-and drop them! Basic operations keep hanging for hours on end!

    But also I thought at least it would herald Microsoft letting us run a virtualised version of Windows 10 inside a licenced host version without buying an additional licence, but no, Windows is not activated inside the sandbox! It is this kind of greed that turns people to linux!

    Finally, what’s with all this config files re-invention of the wheel? Just let us configure the OS however we want inside the sandbox and then save it as our own VHD. That feature is already there in Hyper-V!

    Honestly, you’d think an organisation with the resources of Microsoft could do better than this!

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

Please note that your comment may not appear immediately after you post it.