Open in app

Sign in

Write

Sign in

ScoopBox — Windows Sandbox Helper

Hasan Hasanov
4 min readNov 25, 2020

--

What is Windows Sandbox?

Technically Windows Sandbox is a lightweight virtual machine created on demand which a user can safely run applications in isolation. This virtual machine is using the same OS image as the host machine. Software installed inside the Windows Sandbox environment remains “sandboxed” and runs separately from the base machine. This is ideal when trying to analyze some programs in isolation.

How to enable Windows Sandbox?

  1. First of all the machine should be using Windows 10 Pro or Enterprise, build version 18305 or later.
  2. Virtualization should be enabled on the machine from the BIOS.
  3. Use the search bar on the task bar and type Turn Windows Features on and off to access the Windows Optional Features tool. Select Windows Sandbox and then OK.
  4. Restart the computer if you’re prompted.

Check here for detailed step by step installation from the official docs.

How to configure Windows Sandbox using configuration file?

Windows Sandbox supports simple configuration file which enables us to customize minimal set of parameters. The configuration file is formatted as XML.

A configuration file enables the user to control the following aspects of Windows Sandbox:

  • vGPU (virtualized GPU): Enable or disable the virtualized GPU. If vGPU is disabled, the sandbox will use Windows Advanced Rasterization Platform (WARP).
  • Networking: Enable or disable network access within the sandbox.
  • Mapped folders: Share folders from the host with read or write permissions. Note that exposing host directories may allow malicious software to affect the system or steal data.
  • Logon command: A command that’s executed when Windows Sandbox starts.
  • Audio input: Shares the host’s microphone input into the sandbox.
  • Video input: Shares the host’s webcam input into the sandbox.
  • Protected client: Places increased security settings on the RDP session to the sandbox.
  • Printer redirection: Shares printers from the host into the sandbox.
  • Clipboard redirection: Shares the host clipboard with the sandbox so that text and files can be pasted back and forth.
  • Memory in MB: The amount of memory, in megabytes, to assign to the sandbox.

All you have to do is open notepad.exe and specify the options that you want your Sandbox Instance to have.

Here is how a complete Sandbox file looks like:

Save the file with .wsb extension and you get a Windows Sandbox icon which you can double click to start the instance.

The big “problem” using Windows Sandbox

There is a major problem using Windows Sandbox. Unlike any other virtual machine Windows Sandbox when it is closed will erase ANY user data. This includes every file created anywhere and every problem installed on the machine. This is not something that a user can turn on or off. This is how it was designed.

Every time when someone logs in the environment he should install all the software he needs.

Is there a solution to this? Of course there is!

Solution

If we check the configuration file we see that there is an option to execute a script inside Windows Sandbox — Logon command.

What the documentation didn’t make clear is even though this Logon Command looks like a collection, feels like a collection, acts like a collection it is actually not a collection and can execute only one script.

Here is a PowerShell script that installs Fiddler and Curl inside Windows Sandbox.

After we created the PowerShell we have to transfer it inside the virtual machine. If you look to the sample xml file there is a MappedFolder section which we can use to copy our script inside.

For example if you put the script in a Scripts folder in your desktop and want to execute it from inside the sandbox here is how your configuration should look like:

Note: The default user does not have permissions to execute scripts inside the sandbox. That is why we have to set an execution policy in order to see our script running.

Save it as .wsb file and run it. After some time you should see your programs installed and you can get to work.

What is ScoopBox?

ScoopBox is a C# library that automates the configuration file building and generates a script which inside contains commands to execute using PowerShell.

Install ScoopBox using your preferred way:

Install ScoopBox

Use whichever method you prefer

Install-Package ScoopBox -Version 1.0.0dotnet add package ScoopBox --version 1.0.0<PackageReference Include="ScoopBox" Version="1.0.0" />

How to use ScoopBox?

Here are some examples of the ScoopBox works:

Start Windows Sandbox with preinstalled applications

ISandbox represents a single instance of Windows Sandbox and you can install define which applications to install by which package manager. Currently ScoopBox supports Chocolatey and Scoop package managers.

Start Windows Sandbox with user scripts

You can start Sandbox with custom scripts located somewhere in you PC. It is just enough to point them out.

Start Windows Sandbox with combined scripts

Of course no one is stopping you to combine the scripts and package managers. For example if one of your software is available on Chocolatey and other is in Scoop.

Note: All scripts are ran in the order they are defined.

Modify sandbox configuration file

You can also modify the sandbox configuration file before running scripts.

Conclusion

Windows Sandbox is a great tool with some limitations. In this blog post we discussed how to work around these limitations using either a script or ScoopBox. As always I would like to hear from you in the comments section. Also take a look to ScoopBox in github.

Originally published at https://hasan-hasanov.com.

Windows Sandbox
C Sharp Programming
Dotnet Core
Powershell

--

--

Hasan Hasanov

Written by Hasan Hasanov

3 Followers

HI, I am full time .NET developer. part time teacher and wannabe tech speaker based on Bulgaria

Help

Status

About

Careers

Press

Blog

Privacy

Terms

Text to speech

Teams