Windows Sandbox
Windows Sandbox is lightweight non-persistent desktop environment (sandbox) where applications and documents can be opened, tested and analysed before allowing them into a production scenario. As a temporary environment the installed software, data and system state are deleted when the sandbox is shutdown. Each time a new instance of the sandbox is created you get a brand new desktop environment. This negates the need to use separate virtualisation software which often requires far more time and resources to setup.
With the release of Windows 11 build 22509 there is persistence between reboots that are initiated from within the sandbox which is useful when software installations require a reboot to complete.
This feature is available within Windows 10/11 Pro, Enterprise and Education. All said it is not best practice to be conducting malware analysis or detonation on production machines or networks or Privileged Access Workstations.
Run this from an elevated PowerShell to install the additional feature followed by a reboot:
Enable-WindowsOptionalFeature -Online -FeatureName "Containers-DisposableClientVM" -AllThe Sandbox app should now be available on the Start menu.
Creating a configuration file
Use an editor like notepad, Notepad++ or Visual Studio code to create a new file.
<Configuration>
</Configuration>Add your configuration options between the two configuration elements. Save the file with a .wsb file extension. You can then double click (or invoke from PowerShell or CMD) the wsb file to launch a sandbox instance with that configuration.
Additional configuration and further information
Protected client
Increases security settings on the RDP connection used to access the sandbox. If testing malware or potentially malicious software you should probably enable this. It is not enabled by default.
Apply additional security settings on the RDP session to the sandbox:
<ProtectedClient>value</ProtectedClient>Networking
Networking can be disabled if required. It is enabled by default.
Enable or disable network access within the sandbox:
<Networking>value</Networking>Resources
You can disable the virtualised GPU and use Windows Advanced Rasterization Platform (WARP) instead. vGPU requires a compatible GPU and graphics drivers (WDDM 2.5 or newer) so in this case disabling the vGPU altogether might resolve graphics issues. The amount of memory (in MB) allocated to the sandbox can also be configured.
Enable or disable the virtualized GPU:
<vGPU>value</vGPU>Assign the memory to the sandbox:
<MemoryInMB>value</MemoryInMB>Logon command
Configures the sandbox to execute a command at logon. This can be used to install software, change settings, run PowerShell scripts to install features etc.
Execute a command when the Windows Sandbox starts:
<LogonCommand>
<Command>command to be invoked</Command>
</LogonCommand>Redirections
Redirection of printers, clipboard, video (webcam etc), audio and folder mapping are additional features. These features potentially increase the attack surface of the host so probably should not be configured as default.
Share folders from the host with read or write permissions:
<MappedFolders>
<MappedFolder>
<HostFolder>path to the host folder</HostFolder>
<SandboxFolder>path to the sandbox folder</SandboxFolder>
<ReadOnly>value</ReadOnly>
</MappedFolder>
</MappedFolders>Share the host’s microphone input into the sandbox:
<AudioInput>value</AudioInput>Share the host’s webcam input into the sandbox:
<VideoInput>value</VideoInput>Share printers from the host into the sandbox:
<PrinterRedirection>value</PrinterRedirection>Share the host clipboard within the sandbox:
<ClipboardRedirection>value</ClipboardRedirection>Example
This disables the vGPU and Networking and maps the local downloads folder on the host to the sandbox. It then invokes Explorer to load the Downloads folder at logon.
<Configuration>
<vGPU>Disable</vGPU>
<Networking>Disable</Networking>
<MappedFolders>
<MappedFolder>
<HostFolder>C:\Users\Public\Downloads</HostFolder>
<ReadOnly>true</ReadOnly>
</MappedFolder>
</MappedFolders>
<LogonCommand>
<Command>explorer.exe C:\users\WDAGUtilityAccount\Desktop\Downloads</Command>
</LogonCommand>
</Configuration>Source: Microsoft.com
The .io domain has long been favoured by startups, tech companies, and cryptocurrency projects for its sleek, tech-forward appeal. It is often thought to represent "input/output," making it an attractive choice for developers and innovators in the tech space. However, recent political developments involving the British Indian Ocean Territory (BIOT) and Mauritius have put the future of this beloved domain in question. If your business relies on a .io domain, this is the right time to understand the implications of these changes and prepare for potential shifts in the domain landscape.