How to configure Windows Sandbox using configuration files


Windows Sandbox, the sandbox built into Windows 10, now supports configuration files that control various aspects of sandbox usage (vGPU, network support, shared folders).

Microsoft continues to work on Windows Sandbox, an isolated environment built into the Windows 10 operating system. At this point, the sandbox is being tested by members of the Insider Preview program, and it is likely that we will see it in the Windows 10 April 2019 Update (version 1903).


Early versions of Windows Sandbox offered only the most basic function: the user could launch a virtualized environment on Windows 10 devices. However, the latest builds added the ability to use configuration files to customize various aspects of using the sandbox. Currently, only basic configuration file support is implemented, but even that allows administrators and users to launch applications and scripts automatically in an isolated environment.

Configuration files use XML syntax and have the extension .wsb. Any WSB file can be launched by double-clicking it, by invoking it from the command line or from a script.

Currently, .wsb files support the following configuration options:

Enable or disable GPU virtualization.
Enable or disable network support in the sandbox.
Share folders with the host system.
Run a script or command automatically at logon.

Graphics Virtualization

<VGpu>Disable</VGpu> -- disables support for a virtual video card in the sandbox. Only software rendering will be used.

<VGpu>Enable</VGpu> -- enables support for GPU virtualization.

Networking

<Networking>Disable</Networking> -- disables network support in the sandbox.

<Networking>Enable</Networking> -- enables network support in the sandbox.

Shared folders

<MappedFolders>
    <MappedFolder>
        <HostFolder>path to the folder in the host system</HostFolder>
        <ReadOnly>value</ReadOnly>
    </MappedFolder>
</MappedFolders>

Here you need to specify the path to the folder in the host system that you want to use in the sandbox, for example C:\virtual. The ReadOnly parameter specifies whether the sandbox gets read-only access to the folder (true) or read/write access (false).

Note that inside the sandbox, shared folders are located relative to the path C:\Users\WDAGUtilityAccount\Desktop.

Logon command

<LogonCommand>
    <Command>Command</Command>
</LogonCommand>

Here you can specify a file name, a path or a script. The explorer.exe command will work, as will a path to a script, for example C:\Users\wdagutilityaccount\Desktop\test\start.cmd.

An example of a complete XML file

<Configuration>
<VGpu>Disable</VGpu>
<Networking>Disable</Networking>
<MappedFolders>
    <MappedFolder>
        <HostFolder>C:\Users\Comssru\Downloads</HostFolder>
        <ReadOnly>true</ReadOnly>
    </MappedFolder>
</MappedFolders>
<LogonCommand>
    <Command>explorer.exe C:\users\WDAGUtilityAccount\Desktop\Downloads</Command>
</LogonCommand>
</Configuration>

Save the file with the .wsb extension and run it to apply the specified parameters to the sandbox. The example is simple and straightforward: graphics virtualization and network support are disabled, the Downloads folder is shared read-only, and that folder opens in Windows Explorer when the sandbox starts.

Configuration files greatly extend the functionality of Windows Sandbox. They allow you to set up shared folders and launch scripts automatically. For example, you can share the Downloads folder and run files downloaded from the Internet in a safe, isolated environment.
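Before launching a .wsb file received from someone else, it is worth checking which of these options loosen the isolation. The following Python sketch is an added example, not part of the original article: it parses a .wsb file and lists GPU virtualization, networking, writable shared folders and logon commands. The names audit_wsb and SAMPLE_WSB are hypothetical, and the treatment of omitted elements (vGPU and networking enabled, shared folders read/write) is an assumption that the article does not state.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the article's example, Networking omitted, folder writable.
SAMPLE_WSB = r"""<Configuration>
<VGpu>Disable</VGpu>
<MappedFolders>
    <MappedFolder>
        <HostFolder>C:\Users\Comssru\Downloads</HostFolder>
        <ReadOnly>false</ReadOnly>
    </MappedFolder>
</MappedFolders>
<LogonCommand>
    <Command>explorer.exe C:\users\WDAGUtilityAccount\Desktop\Downloads</Command>
</LogonCommand>
</Configuration>"""


def _value(node, tag, default):
    """Trimmed text of the first child named `tag`, matched case-insensitively."""
    for child in node:
        if child.tag.lower() == tag.lower():
            return (child.text or "").strip()
    return default


def audit_wsb(xml_text):
    """Return (setting, finding) tuples for options that weaken isolation."""
    root = ET.fromstring(xml_text)
    findings = []
    # Assumption: an omitted <VGpu> or <Networking> behaves as enabled.
    if _value(root, "VGpu", "").lower() != "disable":
        findings.append(("VGpu", "GPU virtualization is not disabled"))
    if _value(root, "Networking", "").lower() != "disable":
        findings.append(("Networking", "network support is not disabled"))
    for node in root.iter():
        tag = node.tag.lower()
        if tag == "mappedfolder":
            host = _value(node, "HostFolder", "?")
            # Assumption: a missing <ReadOnly> means read/write.
            if _value(node, "ReadOnly", "false").lower() != "true":
                findings.append(("MappedFolder", host + " is writable from the sandbox"))
        elif tag == "command":
            findings.append(("LogonCommand", "runs at logon: " + (node.text or "").strip()))
    return findings


if __name__ == "__main__":
    for setting, finding in audit_wsb(SAMPLE_WSB):
        print(f"[{setting}] {finding}")
```

Run against the article's own example, with networking disabled and the folder read-only, the audit reports only the logon command.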

This guide will be updated as new features are added.

Will you use Windows Sandbox? Do you use third-party solutions, such as Sandboxie? Share in the comments below.

