Skip to content

Custom Code for Windows SandBox

Custom Code for Windows SandBox

Windows Sandbox is a lightweight, isolated desktop environment that allows users to safely run untrusted applications without affecting their primary system. A useful feature of Windows Sandbox is its support for configuration files, which enable a wide range of customizations. These configuration files, introduced in Windows 10 build 18342 and also supported in Windows 11, allow users to tailor Sandbox to their specific needs.

This article dives into how Windows Sandbox configuration files work, the customizable settings they offer, and how to utilize them effectively for different scenarios.

Table of Contents

  1. What Are Windows Sandbox Configuration Files?
  2. Why Use a Configuration File?
  3. Key Customization Options in Windows Sandbox Configuration Files
  1. How to Create a Windows Sandbox Configuration File
  2. Best Practices for Using Windows Sandbox Configuration Files

What Are Windows Sandbox Configuration Files?

Windows Sandbox configuration files are XML-based files with the .wsb file extension. These files provide a set of instructions to customize the behavior and resources of the Sandbox instance. By using a configuration file, users can control aspects like hardware resources, networking options, folder sharing, and more, making Sandbox an even more powerful tool for testing or running untrusted applications.

Why Use a Configuration File?

A configuration file allows for better control over how Sandbox behaves, including security settings, available system resources, and device access. Whether you are a developer needing a specific environment for testing or a user wanting enhanced security, configuration files make it easier to predefine settings and reduce manual adjustments.

Key Customization Options in Windows Sandbox Configuration Files

Each XML configuration file supports several customizable parameters. Here’s a detailed look at the most critical options:

1. vGPU (Virtualized GPU)

  • Function: Controls whether the Sandbox utilizes the host’s virtualized GPU or switches to software rendering using the Windows Advanced Rasterization Platform (WARP).
  • Use Case:
    • Enable: Improves graphics performance and is ideal for apps needing hardware-accelerated graphics.
    • Disable: Offers greater isolation by avoiding direct access to the host’s GPU, enhancing security in some scenarios.

2. Networking

  • Function: Enables or disables network access within the Sandbox.
  • Use Case:
    • Enable: For testing applications that require internet or network connectivity.
    • Disable: For increased isolation, ensuring that the Sandbox remains disconnected from both the internet and internal networks, preventing malware from spreading.

3. Mapped Folders

  • Function: Allows specific folders from the host system to be shared with the Sandbox, with options for read or write permissions.
  • Security Concern: Sharing folders between the host and the Sandbox could expose sensitive files to malware if the Sandbox environment is compromised.
  • Use Case:
    • Enable: Useful for transferring files for testing or sharing documents, but caution is needed due to the potential for data leakage.

4. Logon Command

  • Function: Specifies a command to execute automatically when the Sandbox starts.
  • Use Case: Automate routine tasks like launching applications or scripts immediately upon starting the Sandbox environment.

5. Audio Input

  • Function: Shares the host’s microphone input with the Sandbox.
  • Use Case: Useful when testing applications requiring voice input, such as voice recognition software, but can be disabled for added security.

6. Video Input

  • Function: Enables the Sandbox to use the host’s webcam.
  • Use Case: Critical for testing apps that need access to video input, such as video conferencing tools.

7. Protected Client

  • Function: Applies increased security settings to the Remote Desktop Protocol (RDP) session connecting to the Sandbox.
  • Use Case: Enhances security when using remote connections, ensuring that sensitive data is better protected during RDP sessions.

8. Printer Redirection

  • Function: Allows the Sandbox to share the host’s printers, enabling printing from within the Sandbox environment.
  • Use Case: Beneficial when testing document processing applications or when printing is required from within Sandbox.

9. Clipboard Redirection

  • Function: Shares the host’s clipboard with the Sandbox, allowing text and files to be copied and pasted between the two environments.
  • Security Concern: Be cautious of enabling this, as malicious applications could potentially access sensitive data from the host clipboard.
  • Use Case: Useful for productivity when needing to transfer data between the host and Sandbox, but it can introduce security risks if used carelessly.

10. Memory in MB

  • Function: Defines the amount of memory (in megabytes) allocated to the Sandbox.
  • Use Case: For more memory-intensive applications, increase the assigned memory to improve performance. Conversely, for lightweight tasks, reducing memory usage could save resources for other applications running on the host.

How to Create a Windows Sandbox Configuration File

Creating a configuration file for Windows Sandbox is straightforward. You can create the file using a standard text editor like Notepad. Save it in the extension format [name].wsb e.g. waredata.wsb, and you can run it by double-clicking on the file. In this case, you can use the code below to share folders, share clipboards, share audio, share video, share printers, and also share networking with the host computer:

<Configuration>
  <vGpu>Enable</vGpu>
  <Networking>Enable</Networking>
  <AudioInput>Enable</AudioInput>
  <VideoInput>Enable</VideoInput>
  <ClipboardRedirection>Enable</ClipboardRedirection>
  <PrinterRedirection>Enable</PrinterRedirection>
  <MappedFolders>
    <MappedFolder>
      <HostFolder>C:\Users\Public\Documents</HostFolder>      <SandboxFolder>C:\Users\WDAGUtilityAccount\Downloads</SandboxFolder>
      <ReadOnly>false</ReadOnly>
    </MappedFolder>
  </MappedFolders>
  <LogonCommand>
    <Command>explorer.exe C:\users\WDAGUtilityAccount\Downloads</Command>
  </LogonCommand>
</Configuration>

Best Practices for Using Windows Sandbox Configuration Files

  • Security First: Always consider disabling features like networking, vGPU, or folder mapping if you are working with untrusted software to prevent malware from accessing host resources.
  • Use Automation: The LogonCommand can save time by automating repetitive tasks, such as launching specific applications or scripts upon Sandbox startup.
  • Optimize Performance: Adjust the memory setting according to your needs. Allocate more memory for demanding applications to avoid performance bottlenecks.
Custom Windows Sandbox – YouTube

Maybe you like other interesting articles?

Leave a Reply

Your email address will not be published. Required fields are marked *