Restrictions Settings

"Restrictions" Settings Group

Sandboxie Control > Sandbox Settings > Restrictions

Settings in this section are intended to alter the default set of restrictions that Sandboxie places on programs running in the sandbox.

  • You can place additional restrictions on programs, to tighten the security of the sandbox.
  • You can relax some of the default restrictions, which is normally not recommended, but may enable some esoteric programs to work.

Internet Access

Sandboxie Control > Sandbox Settings > Restrictions > Internet Access

Use these settings to select which programs, if any, will be allowed to access the Internet in the sandbox. Initially, all programs in the sandbox can access the Internet.

Use the Add by Name button to add a program by typing its explicit executable name. Alternatively, use the Add by File button to navigate to the program folder and select its program executable. Blocking of SMB/CIFS which you can block as well by visiting BlockPort

When any restrictions are in effect, programs that are installed (or downloaded) into the sandbox will never be allowed to access the Internet.

Use the Remove button to remove some program previously added to the list.

The button Block All Programs prevents all programs in the sandbox from accessing the Internet. When this mode is in effect, the button changes to Allow All Programs, and when clicked, will undo the effect of blocking all programs.

Issue message SBIE1307 when access is denied: When a program is restricted due to this setting, Sandboxie can issue a notification message. Use this checkbox setting to indicate whether you would like to receive these notifications. See also message SBIE1307.

You can also configure this setting in the Program Settings window.

Related Sandboxie Ini settings: ClosedFilePath, Notify Internet Access Denied.


Start/Run Access

Sandboxie Control > Sandbox Settings > Restrictions > Start/Run Access

Use these settings to select which programs, if any, will be allowed to start and run in the sandbox. Initially, all programs in the sandbox can start and run in the sandbox.

Use the Add by Name button to add a program by typing its explicit executable name. Alternatively, use the Add by File button to navigate to the program folder and select its program executable.

When any Start/Run restrictions are in effect, programs that are installed (or downloaded) into the sandbox will never be allowed to start or run.

Use the Remove button to remove some program previously added to the list. The Allow All Programs has the same effect as clicking Remove on each and every entry that appears in the list.

Issue message SBIE1308 when access is denied: When a program is restricted due to this setting, Sandboxie can issue a notification message. Use this checkbox setting to indicate whether you would like to receive these notifications. See also message SBIE1308.

You can also configure this setting in the Program Settings window.

Related Sandboxie Ini settings: ClosedIpcPath, Notify Start Run Access Denied.


Drop Rights

Sandboxie Control > Sandbox Settings > Restrictions > Drop Rights

The setting in this page causes Sandboxie to strip administrative rights from programs running in this sandbox.

Specifically, the security credentials used to start the sandboxed program will not include membership in the Administrators and Power Users groups.

Note that this has little effect if you are already running under a non-Administrator user account.

Related Sandboxie Ini settings: DropAdminRights.


Low-Level Access -REMOVED

Hardware Access has been removed from Sandboxie v4 and up.

Previous versions of Sandboxie should not be used and they may not function.

Sandboxie Control > Sandbox Settings > Restrictions > Low-Level Access

This category manages restrictions for several types of global operations which are restricted in some way within the sandbox. Please see the associated Sandboxie Ini settings for more information.


Hardware Access -REMOVED

Hardware Access has been removed from Sandboxie v4 and up.

Previous versions of Sandboxie should not be used and they may not function.

Sandboxie Control > Sandbox Settings > Restrictions > Hardware Access

This category manages restrictions for three types of global operations which are restricted in some way within the sandbox. Please see the associated Sandboxie Ini settings for more information.

  • Permit programs in this sandbox to simulate keyboard and mouse input

  • Permit programs in this sandbox to manage hardware device configuration

    • Related Sandboxie Ini settings: Template=PlugPlay
    • This setting permits a program to update configuration and drivers for hardware devices.

You are advised to keep the hardware access settings in their default, disabled state.

However, when running games or other full screen applications in the sandbox, it may be useful to permit the simulation of keyboard and mouse input.