Open and save files directly

L

LarryUru

New member
Hello team, I'm really new with Sandboxie and I'm trying to configure a sandbox to isolate a couple of programs that checks if there is another copy of them already running on the system (we are using RDP).

The only thing I need is to avoid these programs to see other running instances of them and I was able to accomplish that, but the problem I have is that the users must to be able to work directly on the files (not to copy them to the sand box and then close the program to retrieve the files).

There is any option to open all files directly from the host while still isolating the executables? (the files are located on local hard drives, pendrives and windows shared folders).

Also, the copy and autorecover function will degrade performance and require the user intervention or close the program every few minutes to update the files.

Another question, can we run the isolated programs with the AD domain user that opened them? I mean, not using the ANONYMOUS LOGON?

We are willing to purchase a paid license if needed, but must to confirm if this solution works for us first (the 5 minutes test will be enough for confirming that).

Thanks in advance and best regards.
 
Hello,

LarryUru said:
There is any option to open all files directly from the host while still isolating the executables? (the files are located on local hard drives, pendrives and windows shared folders).
Click to expand...

Here is an overview over resource access types.

OpenFilePath or OpenPipePath (the latter is used if the binary/executable is located inside a sandbox folder, compared to a folder on the host)

You can restrict that to specific folders or file-types. e.g.
OpenFilePath=C:\path_to_the_working_folder\

OpenFilePath=*.txt

Another question, can we run the isolated programs with the AD domain user that opened them? I mean, not using the ANONYMOUS LOGON?

We are willing to purchase a paid license if needed, but must to confirm if this solution works for us first (the 5 minutes test will be enough for confirming that).
Click to expand...

For questions about the licenses, which are handled by David, please send an e-mail to the address you can find here.

It might be possible by disabling security properties, but David should understand your use-case better and educate you about the downsides.
 
Hello Bastik, and thanks for your excellent response.

I was able to open all files directly, adding the option:

OpenFilePath=*.*

I played with the security options and now the software is running with a login named as the sandbox (I couldn't make the software to run with the domain credentials), still didn't fixed the problem.

It seems that the sandboxed programs can't open files inside local or shared foldes that starts with "." (seems to be a really specific problem).

Will continue testing the security options and let you know for the results, but any other idea is really appreciated.

Best regards.

See bellow my current configuration:

Enabled=y
BorderColor=#02f6f6,ttl,6
Template=AutoRecoverIgnore
Template=LingerPrograms
Template=qWave
Template=FileCopy
Template=SkipHook
Template=OpenBluetooth
ConfigLevel=10
UseFileDeleteV2=y
UseRegDeleteV2=y
NetworkAccess=*,Allow;Protocol=Any
PinToTray=y
PromptForInternetAccess=y
BlockNetworkFiles=n
OpenCredentials=y
OpenWndStation=y
CopyLimitKb=-1
AllowRawDiskRead=y
PromptForFileMigration=n
StripSystemPrivileges=n
UnrestrictedSCM=y
ExposeBoxedSystem=y
UseSbieDeskHack=n
UseSbieWndStation=n
CopyBlockDenyWrite=y
NotifyNoCopy=y
OpenFilePath=*
SandboxieLogon=y
 
For testing, you may try, NoSecurityIsolation=y or NoSecurityFiltering=y

I don't know enough about the inner workings of Sandboxie to tell you how effective that can be.

Since the options are supposed to be paid for, they are restricted, but if you need more than 5 minutes to test, you can request a test certificate.
 
I forgot to mention, how to obtain a "test certificate" (evaluation certificate). Now realizing because of another thread.

If you go to Global Settings > Support & Updates > [Sandboxie Support] there should be a link labeled "Get a free evaluation certificate" followed by "and enjoy all premium features for ~10 days". The link opens a dialog for you to input a valid e-mail address to which an "evaluation certificate" is sent.
 
You must log in or register to reply here.
Back
Top