Application Sandboxing is a feature of ACS an action in Application Control Solution (ACS) that limits the environments in which certain code can execute. In other words, it means running The sandbox runs a process in a Job that job object that limits its ability to interact with other processes, as well as limiting some specific types of interactions with the operating system, such as:
- Reading or writing from the clipboard
- Shutting down the system
- Adjusting display settings
...
To a large extent further lock down applications in the post-Windows Vista era, most of the benefits of cross-process protection are mitigated by the Integrity Level (IL) mechanisms introduced. sandbox, you can adjust process rights to add a restricted SID. (For more information, go to Adjust process rights - restricted SID.)
| Tip | ||
|---|---|---|
| ||
Some of the |
...
Internet-facing apps today (such as |
...
Internet Explorer, Chrome, Word, and Adobe Reader) already implement their own extended sandboxing. As such, |
...
the sandboxing feature would not apply to them. |
Further reading that Application Sandboxing in Windows can be found atFor further reading about application sandboxing in Windows, go to:
- http://www.chromium.org/developers/design-documents/sandbox
- http://www.chromium.org/developers/design-documents/sandbox/Sandbox-FAQ
Create sandbox action
To create a sandbox action, do the following steps:
- In the Thycotic Security Manager, click the Policies tab.
- In the file library in the left pane, navigate to Thycotic Solutions > Application Control > Actions.
- Right-click the Actions folder, click New, and then click Sandbox Action.
In the Create Item dialog box, give the sandbox a Name and Description.
- Click Save.
- In the right-pane, set the Restrictions by selecting the check boxes.
- Click Save.
You can find the new action at the bottom of the list of Actions folders.