Forum Discussion

Harm_Veenstra's avatar
Harm_Veenstra
MVP
Jun 26, 2022

Blogpost - Starting Windows Sandbox with parameters

Wrote a blog post about how to start Windows Sandbox from a PowerShell function, below is the Start-Sandbox function that I made (Fore more details: https://powershellisfun.com/2022/06/25/start-windows-sandbox-with-parameters/)

 

The script:

 

 

#https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-sandbox/windows-sandbox-configure-using-wsb-file
function Start-Sandbox {
    param(
        [parameter(Mandatory = $false)][string]$MappedFolder,
        [parameter(Mandatory = $false)][string]$MemoryInMB,
        [parameter(Mandatory = $false)][string]$LogonCommand,
        [switch]$vGPUdisable,
        [switch]$AudioInputDisable,
        [switch]$ClipboardRedirectionDisable,
        [switch]$MappedFolderWriteAccess,
        [switch]$NetworkingDisable,
        [switch]$PrinterRedirectionEnable,
        [switch]$ProtectedClientEnable,
        [switch]$VideoInputEnable
    )

    #Validate if $mappedfolder exists
    if ($MappedFolder) {
        if (Test-Path $MappedFolder -ErrorAction SilentlyContinue) {
            Write-Host ("Specified {0} path exists, continuing..." -f $MappedFolder) -ForegroundColor Green
        }
        else {
            Write-Host ("Specified {0} path doesn't exist, exiting..." -f $MappedFolder) -ForegroundColor Red
            return
        }
    }
    #Set Read-Only or Read-Write
    if ($MappedFolderWriteAccess) {
        $WriteAccess = 'false'
    }
    else {
        $WriteAccess = 'true'
    }
    #Create .wsb config file
    $wsb = @()
    $wsblocation = "$($env:Temp)\sandbox.wsb"
    $wsb += "<Configuration>"
    if ($vGPUdisable) {
        $wsb += "<VGpu>Disable</VGpu>"
    }

    if ($AudioInputDisable) {
        $wsb += "<AudioInput>Disable</AudioInput>"
    }

    if ($ClipboardRedirectionDisable) {
        $wsb += "<ClipboardRedirection>Disable</ClipboardRedirection>"
    }

    if ($MappedFolder) {
        $wsb += "<MappedFolders>"
        $wsb += "<MappedFolder>"
        $wsb += "<HostFolder>$($MappedFolder)</HostFolder>"
        $wsb += "<ReadOnly>$($WriteAccess)</ReadOnly>"
        $wsb += "</MappedFolder>"
        $wsb += "</MappedFolders>"
    }

    if ($null -ne $MemoryInMB) {
        $wsb += "<MemoryInMB>$($MemoryInMB)</MemoryInMB>"
        if ($MemoryInMB -le 2048) {
            Write-Host "$($MemoryInMB) Mb(s) specified, Windows Sandbox will automatically allocate more if needed..." -ForegroundColor Yellow
        }
    }

    if ($NetworkingDisable) {
        $wsb += "<Networking>Disable</Networking>"
    }

    if ($LogonCommand) {
        $wsb += "<LogonCommand>"
        $wsb += "<Command>$($LogonCommand)</Command>"
        $wsb += "</LogonCommand>"
    }

    if ($PrinterRedirectionEnable) {
        $wsb += "<PrinterRedirection>Enable</PrinterRedirection>"
    }

    if ($ProtectedClientEnable) {
        $wsb += "<ProtectedClient>Enable</ProtectedClient>"
    }

    if ($VideoInputEnable) {
        $wsb += "<VideoInput>Enable</VideoInput>"
    }

    $wsb += "</Configuration>"
    
    #Create sandbox .wsb file in $env:\temp and start Windows Sandbox using it
    $wsb | Out-File $wsblocation -Force:$true
    Write-Host ("Starting Sandbox...") -ForegroundColor Green
    Invoke-Item $wsblocation
    #Wait for Windows Sandbox to start and delete the sandbox config file
    Start-Sleep -Seconds 5
    Remove-Item -Force:$true -Confirm:$false -Path $wsblocation
    Write-Host ("Done!") -ForegroundColor Green
}

 

 

powershell
Windows Sandbox
No RepliesBe the first to reply

Resources