├── README.md ├── Sandbox_registry_content.xml └── WindowsSandbox_Explorer.ps1 /README.md: -------------------------------------------------------------------------------- 1 | # WindowsSandbox_Explorer 2 | Windows Sandbox Explorer: a quick PowerShell way to modify the default Windows Sandbox 3 | -------------------------------------------------------------------------------- /Sandbox_registry_content.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | -------------------------------------------------------------------------------- /WindowsSandbox_Explorer.ps1: -------------------------------------------------------------------------------- 1 | #*************************************************************************************************************** 2 | # Author: Damien VAN ROBAEYS 3 | # Website: http://www.systanddeploy.com 4 | # Twitter: https://twitter.com/syst_and_deploy 5 | # GitHub path: https://twitter.com/syst_and_deploy 6 | #*************************************************************************************************************** 7 | 8 | Param 9 | ( 10 | [String]$Content_to_add 11 | ) 12 | 13 | # Check if tool is executed with admin rights 14 | [System.Reflection.Assembly]::LoadWithPartialName("System.Windows.Forms") | out-null 15 | $Run_As_Admin = ([Security.Principal.WindowsPrincipal] [Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator) 16 | If($Run_As_Admin -eq $False) 17 | { 18 | # [System.Windows.Forms.MessageBox]::Show("Please run the tool with admin rights :-)") 19 | write-warning "Please run the tool with admin rights :-)" 20 | break 21 | } 22 | Else 23 | { 24 | # Check if Windows Sandbox feature is installed 25 | $Is_Sandbox_Installed = (Get-WindowsOptionalFeature -online | where {$_.featurename -eq "Containers-DisposableClientVM"}).state 26 | If($Is_Sandbox_Installed -eq "Disabled") 27 | { 28 | # [System.Windows.Forms.MessageBox]::Show("The feature Windows Sandbox is not installed !!!") 29 | write-warning "The feature Windows Sandbox is not installed !!!" 30 | } 31 | Else 32 | { 33 | $Progress_Activity = "Configuring the default Windows Sandbox" 34 | write-progress -activity $Progress_Activity -percentcomplete 5; 35 | 36 | # Stop the the Container service 37 | $Check_Service = Get-Service CmService -ea silentlycontinue 38 | If($Check_Service -ne $null) 39 | { 40 | Try 41 | { 42 | $Check_Service | stop-service -force 43 | write-host "Step 1/7: CmService has been stopped" 44 | } 45 | Catch 46 | { 47 | write-warning "Step 1/7: Can not stop the service CmService" 48 | Break 49 | } 50 | } 51 | Else 52 | { 53 | write-warning "Step 1/7: Can not find the service CmService" 54 | Break 55 | } 56 | 57 | write-progress -activity $Progress_Activity -percentcomplete 20; 58 | 59 | # Mount the default Windows Sandbox VHDX file 60 | $BaseImages_Path = "C:\ProgramData\Microsoft\Windows\Containers\BaseImages" 61 | If(!(test-path $BaseImages_Path)) 62 | { 63 | write-warning "Can not find: $BaseImages_Path" 64 | Break 65 | } 66 | $Get_BaseImage_Content = Get-Childitem $BaseImages_Path 67 | $Get_GUID = $Get_BaseImage_Content.Name 68 | $Get_VHDX_Path = "$BaseImages_Path\$Get_GUID" 69 | $Baselayer_VHDX = "$Get_VHDX_Path\BaseLayer.vhdx" 70 | 71 | Try 72 | { 73 | Mount-VHD -Path $Baselayer_VHDX 74 | # Mount-DiskImage -ImagePath $Baselayer_VHDX 75 | write-host "Step 2/7: Default Sandbox has been mounted" 76 | } 77 | Catch 78 | { 79 | write-warning "Step 2/7: Default Sandbox has been mounted" 80 | Break 81 | } 82 | 83 | write-progress -activity $Progress_Activity -percentcomplete 35; 84 | 85 | # Find the mounted VHDX drive letter 86 | $Get_VHDX_Volume = get-volume | Where {$_.FileSystemLabel -eq "PortableBaseLayer"} 87 | 88 | $Get_Baselayer_Drive = $Get_VHDX_Volume.DriveLetter + ":" 89 | $Sandbox_Files = "$Get_Baselayer_Drive\Files" 90 | $Sandbox_Hives = "$Get_Baselayer_Drive\Hives" 91 | 92 | # Check if the parameter Content_to_add is filled 93 | If($Content_to_add -eq $null) 94 | { 95 | write-warning "Parameter Content_to_add is empty" 96 | write-warning "There is nothing to add in the default Windows Sandbox" 97 | Break 98 | } 99 | 100 | # Copy explorer content from the path in Content_to_add 101 | $Get_Explorer_Content = get-childitem $Content_to_add -Recurse | where {$_.Name -ne "Sandbox_registry_content.xml"} 102 | If($Get_Explorer_Content.count -gt 0) 103 | { 104 | copy-item "$Content_to_add\*" $Sandbox_Files -Recurse -Force 105 | write-host "Step 3/7: Explorer content has been copied" 106 | } 107 | Else 108 | { 109 | write-host "Step 3/7: Skipped (nothing to copy)" 110 | 111 | } 112 | 113 | # Add registry content in the Sandbox if needed 114 | $Registry_content_file = "$Content_to_add\Sandbox_registry_content.xml" 115 | If(test-path $Registry_content_file) 116 | { 117 | $Sandbox_registry_content = [xml](get-content $Registry_content_file) 118 | $Get_registry_content = $Sandbox_registry_content.Registry_Keys.Registry_Key 119 | $Check_Registry_content = $Get_registry_content.Reg_Path 120 | If($Check_Registry_content -ne $null) 121 | { 122 | $WDAGUtilityAccount_NTUser = "$Sandbox_Files\Users\WDAGUtilityAccount\ntuser.dat" 123 | $Test_Hive = "HKLM\Test" 124 | 125 | # Load the Sandbox registry hive 126 | Try 127 | { 128 | reg load $Test_Hive $WDAGUtilityAccount_NTUser | out-null 129 | write-host "Step 4/7: Registry hive has been loaded" 130 | } 131 | Catch 132 | { 133 | write-warning "Step 4/7: Can not load the registry hive" 134 | Break 135 | } 136 | 137 | write-progress -activity $Progress_Activity -percentcomplete 45; 138 | 139 | ForEach($Reg_Key in $Get_registry_content) 140 | { 141 | $Get_Reg_Path = $Reg_Key.Reg_Path 142 | $Get_Reg_PropertyType = $Reg_Key.Reg_PropertyType 143 | $Get_Reg_Property = $Reg_Key.Reg_Property 144 | $Get_Reg_Value = $Reg_Key.Reg_Value 145 | 146 | If(!(test-path "HKLM:\Test\$Get_Reg_Path")) 147 | { 148 | New-Item -Path "HKLM:\test\$Get_Reg_Path" -force | out-null 149 | } 150 | New-ItemProperty -Path "HKLM:\test\$Get_Reg_Path" -Name $Get_Reg_Property -Value $Get_Reg_Value -PropertyType $Get_Reg_PropertyType -Force | out-null 151 | } 152 | write-host "Step 5/7: Registry content have been added" 153 | 154 | # Unload the Sandbox registry hive 155 | write-progress -activity $Progress_Activity -percentcomplete 70; 156 | reg unload $Test_Hive | out-null 157 | write-host "Step 6/7: Registry hive has been unloaded" 158 | } 159 | Else 160 | { 161 | write-host "Step 4/7: Skipped (no registry content to add)" 162 | write-host "Step 5/7: Skipped (no registry content to add)" 163 | write-host "Step 6/7: Skipped (no registry content to add)" 164 | } 165 | } 166 | Else 167 | { 168 | write-host "Step 4/7: Skipped (no registry content to add)" 169 | write-host "Step 5/7: Skipped (no registry content to add)" 170 | write-host "Step 6/7: Skipped (no registry content to add)" 171 | } 172 | 173 | write-progress -activity $Progress_Activity -percentcomplete 90; 174 | Dismount-VHD -Path $Baselayer_VHDX | out-null 175 | # Dismount-DiskImage -ImagePath $Baselayer_VHDX 176 | write-host "Step 7/7: Default Sandbox has been unmounted" 177 | write-progress -activity $Progress_Activity -percentcomplete 100; 178 | write-host "You can now use your customized Windows Sandbox :-)" 179 | } 180 | } 181 | --------------------------------------------------------------------------------