Application Sandboxing is an action in Application Control Solution (ACS) action that limits the environments in which certain code can execute. The sandbox runs a process in a job object that limits its ability to interact with other processes, as well as limiting some specific types of interactions with the operating system, such as:
- Reading or writing from the clipboard
- Shutting down the system
- Adjusting display settings
to To further lock down applications in the sandbox, you can adjust process rights to add a restricted SID. (For more information, go to [REVIEW] Adjust Process Rights Improvements.)
| Tip | ||
|---|---|---|
| ||
Some of the |
...
Internet-facing apps today (such as Internet Explorer, Chrome, Word, and Adobe Reader) already implement their own extended sandboxing. As such, |
...
the sandboxing feature |
...
would not |
...
apply to them |
...
. |
...
For further reading about Application Sandboxing in Windows, go to:
- http://www.chromium.org/developers/design-documents/sandbox
- http://www.chromium.org/developers/design-documents/sandbox/Sandbox-FAQ
Create Sandbox Action
To create a sandbox action, do the following steps:
...
You can find the new action at the bottom of the list of Actions folders.
Related Links