How to configure Windows Sandbox on Windows 11

by admin

On Windows 11, you can use the “Windows Sandbox” feature (opens in new tab) to create an isolated lightweight virtual machine to test potentially harmful applications without affecting your main setup. 

The feature is basically a traditional virtual machine, but this one is a quick solution that doesn’t take up a lot of space and has been optimized for speed, security, and efficiency.

Although out-of-the-box, the Windows 11 feature provides an isolation layer, it’s still possible for malicious code to make its way to the main setup using some of the features, such the virtual networking, virtual graphics, and file sharing. However, Windows Sandbox includes many settings you can manage through a configuration file to increase security and perform other tasks, such as running commands and scripts, and redirect peripherals like microphones and cameras to test specific features of an application.

This guide will walk you through the steps to configure the Windows Sandbox feature on Windows 11.

How to create a configuration file for Windows Sandbox

To build a configuration file for Sandbox on Windows 11, use these steps:

  1. Open Notepad.
  2. Click the File menu.
  3. Select the Save as option.
  4. Type a descriptive name and use the .wsb extension.

(Image credit: Future)
  1. Use the “Save as type” drop-down menu and select the All Files option.
  2. Click the Save button.

After completing the steps, you can continue using Notepad or another text editor, such as Visual Studio Code, to edit the file and build custom configurations for Windows Sandbox.

How to run startup commands on Windows Sandbox

To run scripts or commands during login on Sandbox, use these steps:

  1. Open File Explorer.
  2. Navigate to the configuration file.
  3. Right-click the .wsb configuration file you created in the previous steps, select the Open with option, and click the Choose another app option.
  4. Select the Notepad option.
  5. Click the OK button.
  6. Type the following to run a command during startup on Windows Sandbox: <LogonCommand><Command>cmd.exe</Command></LogonCommand> 

(Image credit: Future)

Inside the Command block, make sure to replace cmd.exe for the command that you want to run. If you need to run a complex command, we recommend creating a script (opens in new tab) and running it with a single command inside Sandbox.

  1. Click the File menu.
  2. Click the Save option.

After you complete the steps, the system will run the commands or scripts you specified during the sign-in process.

How to map host folder on Windows Sandbox

To share a local folder from Windows 11 with the Sandbox desktop, use these steps: 

  1. Open File Explorer.
  2. Navigate to the configuration file.
  3. Right-click the .wsb configuration file you created in the earlier steps, select the Open with option, and click the Choose another app option.
  4. Select the Notepad option.
  5. Click the OK button.
  6. Type the following to map a folder on Windows Sandbox:<Configuration><MappedFolders><MappedFolder><HostFolder>C:\myshare</HostFolder><ReadOnly>true</ReadOnly></MappedFolder></MappedFolders></Configuration>

(Image credit: Future)

In the script, make sure to specify the path for the host folder that you want to appear inside Windows Sandbox within the HostFolder block. Also, inside the ReadOnly block, use the “true” value (recommended) to enforce accessing the folder in read-only mode or use the “false” value to allow read-and-write access to the folder.

  1. Click the File menu.
  2. Click the Save option.

Once you complete the steps, when you start the Windows Sandbox from the configuration file, the virtual machine will mount the folder and make it available from the desktop.

Although the above instructions show you how to map only one folder, you can create multiple XML “MappedFolder” blocks inside the “MappedFolders” block to mount as many folders as you need.

How to manage virtual network adapter on Windows Sandbox

To manage the virtual network adapter through a configuration file on Windows Sandbox, use these steps:

  1. Open File Explorer.
  2. Navigate to the configuration file.
  3. Right-click the .wsb configuration file you created in the previous steps, select the Open with option, and click the Choose another app option.
  4. Select the Notepad option.
  5. Click the OK button.
  6. Type the following to disable the virtual network adapter on Windows Sandbox: <Configuration><Networking>Disable</Networking></Configuration>

(Image credit: Future)
  1. Type the following to enable networking on Windows Sandbox: <Configuration><Networking>Default</Networking></Configuration> 
  • Quick note: Although you can disable networking, Windows Sandbox will enable this feature by default whether or not you use a configuration file.
  1. Click the File menu.
  2. Click the Save option.

Once you complete the steps, running the .wsb file will spin the virtualization environment with the configuration specified in the file.

How to manage virtual graphics on Windows Sandbox

To manage the virtual graphics adapter from the .wsb file, use these steps:

  1. Open File Explorer.
  2. Navigate to the configuration file.
  3. Right-click the .wsb configuration file you created in the previous steps, select the Open with option, and click the Choose another app option.
  4. Select the Notepad option.
  5. Click the OK button.
  6. Type the following to disable the vGPU adapter on Windows Sandbox: <Configuration><VGpu>Disable</VGpu></Configuration>

(Image credit: Future)
  1. Type the following to enable the vGPU on Windows Sandbox: <Configuration><VGpu>Default</VGpu></Configuration> 
  • Quick note: Although you can specify to disable the vGPU, Windows Sandbox will enable this feature by default whether or not you use a configuration file.
  1. Click the File menu.
  2. Click the Save option.

After you complete the steps, the virtualization environment will enable or disable the graphics adapter, depending on your configuration. If you disable the virtual GPU, this will result in performance degradation.

How to configure memory usage for Windows Sandbox

To change the amount of memory for the lightweight virtual machine, use these steps:

  1. Open File Explorer.
  2. Navigate to the configuration file.
  3. Right-click the .wsb configuration file you created in the previous steps, select the Open with option, and click the Choose another app option.
  4. Select the Notepad option.
  5. Click the OK button.
  6. Type the following to change the amount of memory (in megabytes) for the Sandbox on Windows 11: <Configuration><MemoryInMB>8192</MemoryInMB></Configuration>

(Image credit: Future)

In the syntax, change 8192 (representing 8GB of RAM) for the amount you want to assign to the feature.

  1. Click the File menu.
  2. Click the Save option.

Once you complete the steps, the Sandbox will boot with the amount of memory you specified.

How to share audio devices on Windows Sandbox

To share audio devices like a microphone with the Sandbox, use these steps:

  1. Open File Explorer.
  2. Navigate to the configuration file.
  3. Right-click the .wsb configuration file you created in the previous steps, select the Open with option, and click the Choose another app option.
  4. Select the Notepad option.
  5. Click the OK button.
  6. Type the following to enable audio devices on Windows Sandbox: <Configuration><AudioInput>Default</AudioInput></Configuration>

(Image credit: Future)
  1. Type the following to disable the audio devices on Windows Sandbox: <Configuration><AudioInput>Disable</AudioInput></Configuration>
  • Quick note: The syntax also supports the “Enable” value.
  1. Click the File menu.
  2. Click the Save option.

After you complete the steps, you will be able to connect the microphone to the Sandbox to test the application in question.

How to share video devices on Windows Sandbox

To share videos devices like a webcam with the Sandbox, use these steps:

  1. Open File Explorer.
  2. Navigate to the configuration file.
  3. Right-click the .wsb configuration file you created in the previous steps, select the Open with option, and click the Choose another app option.
  4. Select the Notepad option.
  5. Click the OK button.
  6. Type the following to enable video input devices on Windows Sandbox: <Configuration><VideoInput>Default</VideoInput></Configuration>

(Image credit: Future)
  1. Type the following to disable the video input devices on Windows Sandbox: <Configuration><VideoInput>Disable</VideoInput></Configuration>
  • Quick note: The syntax also supports the “Enable” value.
  1. Click the File menu.
  2. Click the Save option.

Once you complete the steps, you will be able to connect, for example, a webcam to the Sandbox to test a specific application.

How to increase security between the host and Windows Sandbox

To increase the security between the host computer and Windows Sandbox through the remote desktop connection, use these steps:

  1. Open File Explorer.
  2. Navigate to the configuration file.
  3. Right-click the .wsb configuration file you created in the previous steps, select the Open with option, and click the Choose another app option.
  4. Select the Notepad option.
  5. Click the OK button.
  6. Type the following to enable security mitigations on Windows Sandbox: <Configuration><ProtectedClient>Enable</ProtectedClient></Configuration>

(Image credit: Future)
  1. Click the File menu.
  2. Click the Save option.

After you complete the steps, the Windows Sandbox will operate in “Protected Client” mode, which includes extra security mitigation to decrease the chances of attacks through the RPD protocol.

How to control multiple options on Windows Sandbox

To use the Windows Sandbox feature with multiple options on Windows 11, use these steps:

  1. Open File Explorer.
  2. Navigate to the configuration file.
  3. Right-click the .wsb configuration file you created in the previous steps, select the Open with option, and click the Choose another app option.
  4. Select the Notepad option.
  5. Click the OK button.
  6. Type the following to customize Windows Sandbox with all the available options: <Configuration><Networking>Disable</Networking> <VGpu>Disable</VGpu> <MappedFolders><MappedFolder><HostFolder>C:\myshare</HostFolder> <ReadOnly>True</ReadOnly></MappedFolder></MappedFolders> <ProtectedClient>Enable</ProtectedClient><MemoryInMB>8192</MemoryInMB> <AudioInput>Default</AudioInput><VideoInput>Default</VideoInput></Configuration>

(Image credit: Future)
  1. Click the File menu.
  2. Click the Save option.

Once you complete the steps using these specific settings, the virtual machine will run without a connection to the internet, and the virtual graphics will be disabled in favor of the software rendering engine. In addition, the feature will run a script to map a folder to the desktop, redirect audio and video devices to the virtual machine, and apply additional mitigations to increase security.

If you stumble upon issues, double-check the syntaxes in the configuration file to ensure that you use the proper casing. For instance, instead of “Disable,” try to use “disable” to see if that fixes the problem.

In addition to the settings outlined in this guide, Windows Sandbox supports other features, including printer redirection with the “PrinterRedirection” option and clipboard redirection with the “ClipboardRedirection” option.

More resources

For more helpful articles, coverage, and answers to common questions about Windows 10 and Windows 11, visit the following resources:

Leave a Reply

Related Posts

You May Missed

Discover more from Ultimatepocket

Subscribe now to keep reading and get access to the full archive.

Continue reading