Windows Sandbox is a lightweight virtual machine that allows users to run applications in isolation from the host operating system by creating a temporary, isolated instance of Windows that runs separately from the host machine. Sandbox was introduced in the Windows 10 update 1903 in May 2019. Since then Microsoft has (slowly) continued to enhance the feature set of the Sandbox environment. Recent updates to Windows 10/11 Sandbox include features like enhanced clipboard redirection, control over audio/video input, the ability to share folders with the host PC, and improved configuration options for managing the virtual hard disk (VHD) size and detachment, allowing for more flexibility in managing the Sandbox environment.
To script installations of apps when launching Windows Sandbox, you need to use the "LogonCommand" option in the Windows Sandbox configuration file, which allows you to specify a command or script that will run automatically when the Sandbox starts up; essentially, you create a script containing your installation commands and then point the LogonCommand to that script file which is mapped into the Sandbox as a shared folder.
Create a script:
Write a PowerShell or batch script that includes the installation commands for the software you want to automatically install in the Sandbox.
Map the script folder:
In your Windows Sandbox configuration file, use the "MappedFolders" option to specify the folder on your host machine where your installation script is located, allowing the Sandbox to access it.
Set the LogonCommand:
Within the configuration file, use the "LogonCommand" tag to point to the path of your installation script within the mapped folder.
"MappedFolders":
This section specifies that the "C:\Users\YourUser\Scripts" folder on the host machine will be accessible within the Sandbox.
"LogonCommand":
This line sets the command that will run when the Sandbox starts, which in this case is the "InstallApps.ps1" script located in the mapped folder.
Example (using PowerShell):
Script (named "InstallApps.ps1"):
Code
Start-Process -FilePath "C:\path\to\installer.exe" -ArgumentList "/silent", "/norestart"
# Add more installation commands for other applications as needed
*note: The sandbox runs with a limited user account ("WDAGUtilityAccount"), so ensure your scripts have appropriate permissions to install software.
Also, you cannot directly link an AD Group Policy Object (GPO) to the Sandbox itself because it is a temporary, isolated environment that does not join the domain; however, you can configure the Sandbox using a configuration file (.wsb) to apply specific settings that mimic certain group policy behaviors. There are also limited Local Group Policy settings available in: "Computer Configuration" > "Administrative Templates" > "Windows Components" > "Windows Sandbox".
Here's the link to the Microsoft Learn article on Sandbox:https://learn.microsoft.com/en-us/windows/security/application-security/application-isolation/windows-sandbox/windows-sandbox-configure-using-wsb-file
To script installations of apps when launching Windows Sandbox, you need to use the "LogonCommand" option in the Windows Sandbox configuration file, which allows you to specify a command or script that will run automatically when the Sandbox starts up; essentially, you create a script containing your installation commands and then point the LogonCommand to that script file which is mapped into the Sandbox as a shared folder.
Create a script:
Write a PowerShell or batch script that includes the installation commands for the software you want to automatically install in the Sandbox.
Map the script folder:
In your Windows Sandbox configuration file, use the "MappedFolders" option to specify the folder on your host machine where your installation script is located, allowing the Sandbox to access it.
Set the LogonCommand:
Within the configuration file, use the "LogonCommand" tag to point to the path of your installation script within the mapped folder.
"MappedFolders":
This section specifies that the "C:\Users\YourUser\Scripts" folder on the host machine will be accessible within the Sandbox.
"LogonCommand":
This line sets the command that will run when the Sandbox starts, which in this case is the "InstallApps.ps1" script located in the mapped folder.
Example (using PowerShell):
Script (named "InstallApps.ps1"):
Code
Start-Process -FilePath "C:\path\to\installer.exe" -ArgumentList "/silent", "/norestart"
# Add more installation commands for other applications as needed
*note: The sandbox runs with a limited user account ("WDAGUtilityAccount"), so ensure your scripts have appropriate permissions to install software.
Also, you cannot directly link an AD Group Policy Object (GPO) to the Sandbox itself because it is a temporary, isolated environment that does not join the domain; however, you can configure the Sandbox using a configuration file (.wsb) to apply specific settings that mimic certain group policy behaviors. There are also limited Local Group Policy settings available in: "Computer Configuration" > "Administrative Templates" > "Windows Components" > "Windows Sandbox".
Here's the link to the Microsoft Learn article on Sandbox:https://learn.microsoft.com/en-us/windows/security/application-security/application-isolation/windows-sandbox/windows-sandbox-configure-using-wsb-file
RSS Feed