Configure Windows Sandbox in Windows 10 Version 1903

[The AchieVer]

Configure Windows Sandbox in Windows 10 Version 1903 

 

Windows Sandbox is a completely new feature exclusively available in Windows 10 May 2019 Update, or version 1903.

Its purpose is to allow users to run apps in a secure environment, as it plays the role of a virtual machine that lets you launch a separate Windows instance that runs in a sandbox and blocks potentially dangerous files from reaching the data stored on the local drives.

“At Microsoft we regularly encounter these situations, so we developed Windows Sandbox: an isolated, temporary, desktop environment where you can run untrusted software without the fear of lasting impact to your PC. Any software installed in Windows Sandbox stays only in the sandbox and cannot affect your host. Once Windows Sandbox is closed, all the software with all its files and state are permanently deleted,” Microsoft explains.

As you probably know if you already tried Windows Sandbox, there are no configuration settings available for this feature, and the only thing you can do, at least at first glance, is launch and close the Sandbox.

But even though it’s not necessarily the most straightforward method, you can actually change various settings of Windows Sandbox using a standalone configuration file that you can create manually.

The configuration file uses the .WSB format and you can save it wherever you want because you can then launch Windows Sandbox with the set parameters by simply double-clicking this file.

At this point, the following settings can be adjusted in Windows Sandbox:
 

vGPU

Networking

Shared folders

Startup script

Setting up a Windows Sandbox configuration file might seem very complex at first, but it’s actually pretty simple once you understand what you need to do.
 

 

 

First and foremost, the default template that you must use is the following:

<Configuration>
</Configuration>

All the settings that you’re going to define in this file need to be placed between the two configuration tags.

Now let’s get straight to setting up the virtual GPU. At this point, Windows Sandbox lets you enable and disable the vGPU, and to do this, you must use the following commands:

vGPU enabled: <VGpu>Enable</VGpu>
vGPU disabled: <VGpu>Disable</VGpu>

In other words, your configuration file should look like this if you want to disable vGPU:

<Configuration>
<VGpu>Disable</VGpu>
</Configuration>

Pretty easy, right? Now let’s move on to networking. The command in this case is the following:

Networking enabled: <Networking>Enable</Networking>
Networking disabled: <Networking>Disable</Networking>

This means the configuration file should look like this to disable networking:

<Configuration>
<Networking>Disable</Networking>
</Configuration>

For mapped folders, the command is this:

<MappedFolder>
    <HostFolder>path to folder</HostFolder>
    <ReadOnly>value</ReadOnly>
</MappedFolder>

And for running a command on launch (after Windows Sandbox loads), you need to use this command:

<LogonCommand>
   <Command>command to run</Command>
</LogonCommand>

The best thing is that you can combine all of these to create more complex configuration files that allow you to customize Windows Sandbox according to your needs.

For example, if you want to disable vGPU and networking and run the Windows Calculator on launch, the configuration file should be the following:

<Configuration>
<VGpu>Disable</VGpu>
<Networking>Disable</Networking>
<LogonCommand>
   <Command>calc.exe</Command>
</LogonCommand>
</Configuration>

While it might seem like a rather basic and less-refined feature at first, this file lets you customize Windows Sandbox exactly how you need it, and for power users or system administrators, it makes it possible to perform more than just basic configuration.

For instance, with more advanced commands you can instruct Windows Sandbox to download and install scripts on boot, provide access to certain folders, and run certain commands that automate the process of testing certain services within networks.

 

 

Source