mirror-Windows-Sandbox-Tools/Sandbox Configurations/MyDefaultSandbox.wsb

<Configuration>
	
	<!-- Basic Options -->
	<Networking>Enable</Networking> <!-- Enable or Disable network access -->
	<MemoryInMB>12288</MemoryInMB> <!-- Adjust allocated memory as desired. Default is only 4GB -->
	<ClipboardRedirection>Enable</ClipboardRedirection>  <!--  Enables or disables sharing clipboard between host & sandbox. Disable if security is paramount. -->
	
	<!-- Security Hardens the sandbox. The docs say this may affect ability to copy and paste, but that still seems to work. So I keep it enabled. -->
	<ProtectedClient>Enable</ProtectedClient> 
	
	<!-- Options for improved security -->
	<VideoInput>Disable</VideoInput>
	<AudioInput>Disable</AudioInput>
	<PrinterRedirection>Disabled</PrinterRedirection>
	<vGPU>Disable</vGPU>

	
	<!--  Map a folder on your main system to appear within the sandbox  -->
	<MappedFolders>
		<!-- Desktop "HostShared" Folder. Put startup script and other useful scripts into. -->
		<MappedFolder>
		  <HostFolder>B:\Caches\Sandbox_Share</HostFolder> <!-- Update the HostFolder path to the one on your real computer that will be shared with the Sandbox -->
		  <SandboxFolder>C:\Users\WDAGUtilityAccount\Desktop\HostShared</SandboxFolder> <!-- Don't change this, the startup script uses hardcoded paths -->
		  <ReadOnly>true</ReadOnly> <!-- If Readonly is True, the sandbox can't change anything the folder (recommended) -->
		</MappedFolder>
	</MappedFolders>

	<!-- Run the powershell script from the mapped folder -->
	<LogonCommand>
		<Command>powershell -executionpolicy Bypass -command "start powershell {-file C:\Users\WDAGUtilityAccount\Desktop\HostShared\SandboxStartup.ps1 -launchingSandbox}"</Command>
	</LogonCommand>

</Configuration> 

<!-- Other Settings Examples
	- See: https://learn.microsoft.com/en-us/windows/security/application-security/application-isolation/windows-sandbox/windows-sandbox-configure-using-wsb-file
	- Note: Anything outside <configuration> tags don't apply
-->