Windows Sandbox是一种虚拟化环境,类似于Windows 10 Pro ? i Enterprise中可用的虚拟机。您可以使用它来测试您不确定是否安全的应用程序、访问不可信的网站,以及通常做一些您担心可能会危及您的主系统的事情。在2020(May 2020 Update)年5 月更新之前,您无法以任何方式个性化Windows 沙盒。(Windows Sandbox)现在您可以了,因为Microsoft允许您创建和使用可以改变Windows Sandbox工作方式的脚本。这是如何做到的:
注意:(NOTE:)在您可以自定义Windows 沙盒(Windows Sandbox)在您的 PC 上的工作方式之前,您必须先安装它。如果您需要这方面的帮助,请阅读如何通过三个步骤在 Windows 10 中安装 Windows Sandbox(How to install Windows Sandbox in Windows 10 in three steps)。此外,如果您想知道Windows Sandbox对您有何用处,这里有一些想法:您可以使用 Windows Sandbox 做的 4 件事(4 things you can do with Windows Sandbox)。此外,请记住,本指南仅适用于带有2020 年 5 月更新(May 2020 Update)、专业版或企业版(Pro or Enterprise editions)的 Windows 10 中的Windows 沙盒(Windows Sandbox)。它在Windows 10(Windows 10)家庭(Home)版中不可用。
如何配置 Windows 沙盒
为了自定义Windows 沙盒(Windows Sandbox)或在您启动它时自动运行应用程序和脚本,您必须创建一个配置文件。为此,您可以使用记事本(Notepad)或任何其他文本处理器应用程序为Windows Sandbox编写代码。您为Windows Sandbox(Windows Sandbox)创建的每个配置文件都必须以该行开头 并以行结束</Configuration>。您要添加的所有其他代码必须放在这些代码行之间。
创建配置文件并完成向其中添加所有代码后,您必须使用文件扩展名.wsb保存它。
然后,您可以双击或双击.wsb文件以启动您的个性化Windows 沙盒(Windows Sandbox)。
现在让我们看看您可以为Windows Sandbox使用哪些代码和脚本:
如何与Windows Sandbox共享文件夹(Windows Sandbox)
Windows Sandbox可以映射来自主机的文件夹。换句话说,您可以让您的Windows 沙盒(Windows Sandbox)“看到”在您的 Windows 10 PC 上找到的文件夹。为此,在您使用记事本创建的(Notepad,).wsb文件中,添加以下代码:
<映射文件夹>
<映射文件夹>
与 Windows 沙盒共享的文件夹
<ReadOnly>真或假</ReadOnly>
</映射文件夹>
</映射文件夹>
您可以根据需要添加任意数量的文件夹进行共享:只需确保将它们的路径放在标签。此外,对于添加到列表中的每个文件夹,您可以指定是否希望Windows Sandbox对其具有只读访问权限。为此,添加代码真的在它之后。如果您希望Windows Sandbox对该文件夹具有写入权限,请添加代码错误的在它之后。但是,请记住,这会使共享文件夹中的文件和文件夹可供您在Windows Sandbox中运行的应用程序使用。换句话说,这些应用程序可以更改您可能不想要的文件。
例如,如果您希望Windows 沙盒(Windows Sandbox)能够访问您的“下载(Downloads)”文件夹,请键入:
<映射文件夹>
<映射文件夹>
C:用户用户名下载
<ReadOnly>真</ReadOnly>
</映射文件夹>
</映射文件夹>
确保将UserName更改为您的 Windows 10用户帐户(user account)的名称。
然后,当您使用此.wsb配置文件运行(.wsb)Windows Sandbox时,所有共享文件夹立即在桌面上或以下位置可用:C:\Users\WDAGUtilityAccount\Desktop。
如何在Windows 沙盒中自动运行应用程序或脚本(Windows Sandbox)
Windows Sandbox还允许您在启动后立即运行应用程序(可执行文件)或脚本。为此,您必须在.wsb配置文件中添加以下代码:
<登录命令>
启动时运行的命令
</登录命令>
该命令可以是Windows Sandbox中可用的任何可执行文件或脚本的路径。这意味着您可以自动打开文件资源管理器、记事本(File Explorer, Notepad,)或其他系统应用程序。如果您愿意,您甚至可以运行在共享文件夹中找到的应用程序(如本指南上一节所示)。
下面是一个在启动时自动打开文件资源管理器的(File Explorer)Windows 沙盒配置文件示例:(Windows Sandbox)
下面是一个Windows 沙盒(Windows Sandbox)配置文件示例,该文件映射下载(Downloads)主机文件夹并自动从中运行可执行文件:
在最后一个示例中,这是我们在启动Windows Sandbox时得到的:
注意:(NOTE:)如果您指定不存在的命令、可执行文件或脚本文件的路径,Windows Sandbox将返回错误并在您尝试打开它时停止。此外,在试验此功能时,我们没有设法自动运行任何需要管理权限(administrative permissions)并触发UAC 提示(UAC prompts)的可执行文件,例如命令提示符(Command Prompt)。
如何在Windows Sandbox中启用或禁用网络(Windows Sandbox)
如果您不希望Windows Sandbox能够访问您的网络和 Internet,请在.wsb配置文件中添加以下代码行:禁用.
这将禁用Windows Sandbox(Windows Sandbox)的网络服务,如下面的屏幕截图所示。
如果您希望网络可以访问,请删除 禁用配置文件中的行或将禁用(Disable)值更改为默认值(Default):<Networking>Default</Networking>。
如何在Windows Sandbox中启用或禁用虚拟图形处理单元(Windows Sandbox)
同样,Windows Sandbox还允许您禁用虚拟图形硬件渲染引擎。换句话说,Windows Sandbox默认与您 PC 上的Windows 10共享您的显卡。但是,您可以禁用此功能并强制Windows Sandbox使用软件渲染,这样您就不会暴露您的GPU。尽管这会使Windows Sandbox运行速度变慢,但在某些情况下,它可能很有用。要在Windows Sandbox(Windows Sandbox)中禁用 vGPU 支持,请在.wsb配置文件中添加以下代码:禁用.
要在Windows Sandbox(Windows Sandbox)中启用 GPU 共享,请删除禁用.wsb配置文件中的行或将其值设置为Default :<VGpu>Default</VGpu>。
您还希望在Windows Sandbox中看到哪些其他功能?
尽管配置Windows Sandbox的工作方式是您现在可以做的事情,但感觉仍处于早期状态。我们还希望看到Microsoft添加自动将USB设备直接连接到Windows Sandbox的选项。我们相信您也有其他很酷的想法。告诉我们您希望Windows Sandbox具有哪些其他功能:在下方发表评论,让我们一起讨论。
How to configure Windows Sandbox (run apps/scripts, share folders, etc.)
Windows Sandbox is a virtualized environment similar to a virtual machine that's available in Windows 10 Pro și Enterprise. You can use it to test apps that you're not sure are safe, visit untrustworthy websites, and generally do things that you fear might compromise your main system. Up until May 2020 Update, you couldn't personalize the Windows Sandbox in any way. Now you can, as Microsoft lets you create and use scripts that can alter the way Windows Sandbox works. Here's how to do it:
NOTE: Before you can customize how Windows Sandbox works on your PC, you must first install it. If you need help with that, read How to install Windows Sandbox in Windows 10 in three steps. Also, if you're wondering how Windows Sandbox might be useful to you, here are a few ideas: 4 things you can do with Windows Sandbox. Furthermore, keep in mind that this guide only applies to Windows Sandbox in Windows 10 with May 2020 Update, Pro or Enterprise editions. It is not available in Windows 10 Home.
How to configure Windows Sandbox
In order to customize Windows Sandbox or automatically run apps and scripts when you launch it, you have to create a configuration file. To do that, you can use Notepad or any other text processor application to write code for Windows Sandbox. Every configuration file that you create for Windows Sandbox must start with the line<Configuration> and end with the line</Configuration>. All the other code that you're going to add must be placed between these lines of code.
Once you've created the configuration file and finished adding all the code to it, you have to save it using the file extension .wsb.
Then, you can double-click or double-tap on the .wsb file to launch your personalized Windows Sandbox.
Now let's see what code and scripts you can use for Windows Sandbox:
How to share folders with Windows Sandbox
Windows Sandbox can map folders from the host. In other words, you can make your Windows Sandbox "see" folders found on your Windows 10 PC. To do that, in the .wsb file that you created with Notepad, add the following code:
<MappedFolders>
<MappedFolder>
<HostFolder>Folder shared with Windows Sandbox</HostFolder>
<ReadOnly>true or false</ReadOnly>
</MappedFolder>
</MappedFolders>
You can add as many folders to share as you want: just make sure to put their paths between the<HostFolder></HostFolder> tags. Also, for each folder that you add to the list, you can specify whether you want Windows Sandbox to have read-only access to it. For that, add the code<ReadOnly>true</ReadOnly> after it. If you want Windows Sandbox to have write-access to that folder, add the code<ReadOnly>false</ReadOnly> after it. However, remember that this makes the files and folders from the shared folder available to the apps you run in Windows Sandbox. In other words, those apps can change your files, which you might not want.
For example, if you want your Windows Sandbox to have access to your Downloads folder, type:
<MappedFolders>
<MappedFolder>
<HostFolder>C:\Users\UserName\Downloads</HostFolder>
<ReadOnly>true</ReadOnly>
</MappedFolder>
</MappedFolders>
Make sure to change UserName with the name of your Windows 10 user account.
Then, when you run Windows Sandbox using this .wsb configuration file, all the shared folders are instantly available on the desktop or at this location: C:\Users\WDAGUtilityAccount\Desktop.
How to automatically run an app or script in Windows Sandbox
Windows Sandbox also lets you run an app (executable file) or a script immediately after launch. To do that, in the .wsb configuration file, you have to add this code:
<LogonCommand>
<Command>Command to run at startup</Command>
</LogonCommand>
The command can be the path to any executable file or script that's available inside the Windows Sandbox. That means that you can, for example, automatically open File Explorer, Notepad, or other system apps. If you want, you can run even an app that's found in a shared folder (as illustrated in the previous section of this guide).
Here's an example of a Windows Sandbox configuration file that automatically opens File Explorer on launch:
And here's an example of a Windows Sandbox configuration file that maps the Downloads host folder and automatically runs an executable file from it:
In the last example, this is what we get when launching Windows Sandbox:
NOTE: If you specify a path to a command, executable, or script file that doesn't exist, Windows Sandbox returns an error and stops when you try to open it. Also, while experimenting with this feature, we did not manage to automatically run any executable files that required administrative permissions and triggered UAC prompts, such as Command Prompt.
How to enable or disable the network in Windows Sandbox
If you don't want Windows Sandbox to be able to access your network and the internet, in the .wsb configuration file, add the following line of code:<Networking>Disable</Networking>.
This disables the networking services for Windows Sandbox, as you can see in the screenshot below.
In case you want the network to be accessible, either delete the <Networking>Disable</Networking> line from the configuration file or change the Disable value to Default:<Networking>Default</Networking>.
How to enable or disable the virtual graphics processing unit in Windows Sandbox
Similarly, Windows Sandbox also lets you disable the virtual graphics hardware rendering engine. In other words, Windows Sandbox shares your graphics card with Windows 10 on your PC by default. However, you can disable this feature and force Windows Sandbox to use software rendering, so that you don't expose your GPU. Although this makes Windows Sandbox run slower, in some situations, it might be useful. To disable vGPU support in Windows Sandbox, in the .wsb config file, add this code:<VGpu>Disable</VGpu>.
To enable the GPU sharing in Windows Sandbox, delete the<VGpu>Disable</VGpu> line from the .wsb configuration file or set its value to Default:<VGpu>Default</VGpu>.
What other features would you like to see in Windows Sandbox?
Although configuring how Windows Sandbox works is something you can do now, it still feels like it's just in an early state. We would also like to see Microsoft add options for automatically connecting USB devices directly to the Windows Sandbox. We're sure you have other cool ideas too. Tell us what other features you would like Windows Sandbox to have: comment below and let's discuss.