To script installations of apps when launching Windows Sandbox, you need to use the "LogonCommand" option in the Windows Sandbox configuration file, which allows you to specify a command or script that will run automatically when the Sandbox starts up; essentially, you create a script containing your installation commands and then point the LogonCommand to that script file which is mapped into the Sandbox as a shared folder.
Create a script:
Write a PowerShell or batch script that includes the installation commands for the software you want to automatically install in the Sandbox.
Map the script folder:
In your Windows Sandbox configuration file, use the "MappedFolders" option to specify the folder on your host machine where your installation script is located, allowing the Sandbox to access it.
Set the LogonCommand:
Within the configuration file, use the "LogonCommand" tag to point to the path of your installation script within the mapped folder.
"MappedFolders":
This section specifies that the "C:\Users\YourUser\Scripts" folder on the host machine will be accessible within the Sandbox.
"LogonCommand":
This line sets the command that will run when the Sandbox starts, which in this case is the "InstallApps.ps1" script located in the mapped folder.
Example (using PowerShell):
Script (named "InstallApps.ps1"):
Code
Start-Process -FilePath "C:\path\to\installer.exe" -ArgumentList "/silent", "/norestart"
# Add more installation commands for other applications as needed
*note: The sandbox runs with a limited user account ("WDAGUtilityAccount"), so ensure your scripts have appropriate permissions to install software.
Also, you cannot directly link an AD Group Policy Object (GPO) to the Sandbox itself because it is a temporary, isolated environment that does not join the domain; however, you can configure the Sandbox using a configuration file (.wsb) to apply specific settings that mimic certain group policy behaviors. There are also limited Local Group Policy settings available in: "Computer Configuration" > "Administrative Templates" > "Windows Components" > "Windows Sandbox".
Here's the link to the Microsoft Learn article on Sandbox:https://learn.microsoft.com/en-us/windows/security/application-security/application-isolation/windows-sandbox/windows-sandbox-configure-using-wsb-file