Note: When disabling one of the policy settings, users won’t be able to enable the setting via a configuration file. This policy setting can be used to configure video input to the Windows Sandbox. This policy setting can be used to configure virtualized GPU for Windows Sandbox. This policy setting can be used to configure printer sharing from the host into the Windows Sandbox. This policy setting can be used to configure networking in Windows Sandbox. This policy setting can be used to configure sharing of the host clipboard with the Windows Sandbox. This policy setting can be used to configure the audio input to the Windows Sandbox. The currently available policy settings are described below. Those policy settings can help with preventing information from leaking via the isolated environment and with preventing the isolated environment from accidentally infecting the production environment. By default the different policy settings are enabled and for most of these policy settings, security is the main reason for potentially disabling them. These are ADMX-backed policy settings ( WindowsSandbox.admx). The Policy CSP now includes a node of WindowsSandbox with policy settings in the device scope. Starting with the latest Windows insider preview builds, some of these settings are coming to the Policy CSP. That configuration file can be used to configure vGPU (virtualized GPU), networking, mapped folders, logon command, audio input, video input, protected client, printer redirection, clipboard redirection and memory in MB. Those parameters can be configured by creating a configuration file. With Windows 10, version 1903 (19H1), Windows Sandbox was introduced, including different customization parameters. Available Windows Sandbox policies in the Policy CSP Important: This blog post relies on the WindowsSandbox node in the Policy CSP, which is currently only available in the latest Windows insider builds (my current build is 21296). I’ll end this post by showing the configuration result. In this post I’ll briefly go through the currently available policies, followed with the steps of configuring those policies. That won’t prevent the user from creating a configuration file, but that does prevent specific customization parameters from applying to the Windows Sandbox.
With the latest version of Windows 10, the administrator receives some controls for enforcing specific customization parameters. That isolated environment supports simple configuration files, which provide a minimal set of customization parameters. Windows Sandbox is a really nice feature for running applications in an isolated environment. About two years ago I wrote a post about simply enabling Windows Sandbox, by using a simple PowerShell script and distributing that script by using Microsoft Intune.
0 kommentar(er)
