https://github.com/marvinjwendt/windows-sandbox-setup
A simple setup for Windows Sandboxes that are a feature of Windows Pro and Windows Enterprise
https://github.com/marvinjwendt/windows-sandbox-setup
isolation sandbox sandbox-environment scripts setup windows
Last synced: 7 months ago
JSON representation
A simple setup for Windows Sandboxes that are a feature of Windows Pro and Windows Enterprise
- Host: GitHub
- URL: https://github.com/marvinjwendt/windows-sandbox-setup
- Owner: MarvinJWendt
- License: mit
- Created: 2023-04-10T20:43:37.000Z (over 2 years ago)
- Default Branch: main
- Last Pushed: 2023-04-11T12:00:41.000Z (over 2 years ago)
- Last Synced: 2025-02-01T01:36:30.837Z (8 months ago)
- Topics: isolation, sandbox, sandbox-environment, scripts, setup, windows
- Language: PowerShell
- Homepage:
- Size: 18.6 KB
- Stars: 2
- Watchers: 1
- Forks: 0
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
README
# Windows Sandbox Setup
> **The Windows Sandbox is a feature in Windows Pro and Windows Enterprise.** It is a lightweight desktop environment. It is designed to run untrusted software in isolation from the host operating system. It is a great tool for testing software, and for running software that you don't trust.
This repository contains scripts and configurations to make Windows Sandboxes more user-friendly.

## Setup
To download all assets, you need to run the `setup.ps1` script.
This must only be done once. After that, you can run the `update.ps1` script to update the assets.
## Installed Software
The following software is installed by default:
- Winget
- Windows Terminal## Running a Sandbox
We have different pre-configured sandboxes in the `sandboxes` directory. You can run a sandbox by double-clicking the sandbox configuration file.
### Sandbox Configurations
| Name | Protected Client | vGPU | Memory | Network | Clipboard Redirection | Printer Redirection | Video Input | Audio Input | Transfer Files |
| ---- | ---------------- | ---- | ------ | ------- | --------------------- | ------------------- | ----------- | ----------- | -------------- |
| default | ❌ | ❌ | 4 GB | ✔️ | ✔️ | ❌ | ❌ | ✔️ | ✔️ |
| default with vGPU | ❌ | ✔️ | 4 GB | ✔️ | ✔️ | ❌ | ❌ | ✔️ | ✔️ |
| performance | ❌ | ❌ | 8 GB | ✔️ | ✔️ | ❌ | ❌ | ✔️ | ✔️ |
| performance with vGPU | ❌ | ✔️ | 8 GB | ✔️ | ✔️ | ❌ | ❌ | ✔️ | ✔️ |
| total isolation | ✔️ | ❌ | 4 GB | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ |
| total isolation performance | ✔️ | ❌ | 8 GB | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ |
| secure | ✔️ | ❌ | 4 GB | ❌ | ❌ | ❌ | ❌ | ❌ | ✔️ |
| secure with networking | ✔️ | ❌ | 4 GB | ✔️ | ❌ | ❌ | ❌ | ❌ | ✔️ |
| secure with networking no transfer | ✔️ | ❌ | 4 GB | ✔️ | ❌ | ❌ | ❌ | ❌ | ❌ |
| secure performance | ✔️ | ❌ | 8 GB | ❌ | ❌ | ❌ | ❌ | ❌ | ✔️ |
| secure performance with networking | ✔️ | ❌ | 8 GB | ✔️ | ❌ | ❌ | ❌ | ❌ | ✔️ |
| secure performance with networking no transfer | ✔️ | ❌ | 8 GB | ✔️ | ❌ | ❌ | ❌ | ❌ | ❌ |
| unsecure | ❌ | ❌ | 4 GB | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ |
| unsecure performance | ❌ | ❌ | 8 GB | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ |
| unsecure performance with vGPU | ❌ | ✔️ | 8 GB | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ |## Transfering files to and from a Sandbox
You have two ways to communicate with the sandbox. You can use the `share\transfer` directory, or you can use the `share\readonly` directory.
## Using the `share\transfer` directory
The `share\transfer` directory is a shared directory between the host and the sandbox. You can use this directory to transfer files to and from the sandbox.
**CAUTION:** This directory can be used to transfer files from the sandbox to the host. A malicious program in the sandbox, could delete all files in this directory.
## Using the `share\readonly` directory
This directory is read-only for the sandbox.
You can use this directory to store files that you want to be available to the sandbox, but that you don't want to be modified by the sandbox.