This is a tutorial to show how to configure SandboxieLogon and why you want to use it if you can.
The reason this is not enabled by default, is that some security software that inspects the HTTPS traffic of applications, mostly browsers, messes with the TLS certificate or the traffic in some way that makes the software unable to connect to the internet. The workaround could be to disable that feature of the security software, but that would be a tradeoff, you have to consider.
The default way is that Sandboxie starts all sandboxed applications as the same restricted user (ANONYMOUS LOGON), which means that all of them share the same user, which is not ideal if you are running multiple applications in different boxes. With
There is a setting that groups the custom SIDs so they can be addressed by some policy. This setting is called:
For Sandboxie Classic, you have to edit the Sandboxie.ini manually and add
SandboxieLogon=y is a setting that creates a custom SID for each sandbox, that is restricted in the same way the default anonymous SID is restricted.The reason this is not enabled by default, is that some security software that inspects the HTTPS traffic of applications, mostly browsers, messes with the TLS certificate or the traffic in some way that makes the software unable to connect to the internet. The workaround could be to disable that feature of the security software, but that would be a tradeoff, you have to consider.
SandboxieLogon=y can be set globally, so it applies to all sandboxes. It is also applicable per sandbox, so if you have enabled it globally you can set SandboxieLogon=n for sandboxes that run software, where the security software interferes.The default way is that Sandboxie starts all sandboxed applications as the same restricted user (ANONYMOUS LOGON), which means that all of them share the same user, which is not ideal if you are running multiple applications in different boxes. With
SandboxieLogon=y each sandbox has its own restricted custom SID, so that sandboxes are isolated from each other. This is positive in terms of privacy and security. If SandboxieLogon=y is set, you can see the sandbox name in the task manager and tell which process belongs to which sandbox.There is a setting that groups the custom SIDs so they can be addressed by some policy. This setting is called:
SandboxieAllGroup=yFor Sandboxie Classic, you have to edit the Sandboxie.ini manually and add
SandboxieLogon=y to the global section or to the sandboxes it should be used for. You can do the same with Sandboxie-Plus, but it also offers internal editors. If you want to add SandboxieLogon=y globally open the Global Settings, go to "Edit ini section" and paste it there. To do that per sandbox, you have to open the sandbox settings and edit the ini section.