Application Sandboxing is an Application Control Solution (ACS) action that limits the environments in which certain code can execute. The sandbox runs a process in a job object that limits its ability to interact with other processes and restricts some specific types of interaction with the operating system, such as:
- Reading from or writing to the clipboard
- Shutting down the system
- Adjusting display settings
To further lock down applications in the sandbox, you can adjust process rights to add a restricted SID. (For more information, go to Adjust process rights - restricted SID.)
Tip: Some of the Internet-facing apps today (such as Internet Explorer, Chrome, Word, and Adobe Reader) already implement their own extended sandboxing. As such, the sandboxing feature would not apply to them.
For further reading about application sandboxing in Windows, go to:
- http://www.chromium.org/developers/design-documents/sandbox
- http://www.chromium.org/developers/design-documents/sandbox/Sandbox-FAQ
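As an added illustration (not code from this page or from the product), the following C program shows how a launcher can apply the limits listed above with a Windows job object. It assumes those limits correspond to the JOB_OBJECT_UILIMIT_* UI restrictions; the NO_* names, ui_restriction_mask, run_in_job and the notepad.exe target are hypothetical.

```c
#include <stdint.h>
#ifdef _WIN32
#include <windows.h>
#else /* stand-ins so the mask logic builds off Windows; values as in winnt.h */
#define JOB_OBJECT_UILIMIT_READCLIPBOARD   0x00000002
#define JOB_OBJECT_UILIMIT_WRITECLIPBOARD  0x00000004
#define JOB_OBJECT_UILIMIT_DISPLAYSETTINGS 0x00000010
#define JOB_OBJECT_UILIMIT_EXITWINDOWS     0x00000080
#endif
/* Hypothetical names for the three limits the page lists (not product settings). */
enum { NO_CLIPBOARD = 1, NO_SHUTDOWN = 2, NO_DISPLAY_CHANGE = 4 };

/* Translate the selected limits into a job-object UIRestrictionsClass mask. */
uint32_t ui_restriction_mask(unsigned selected)
{
    uint32_t mask = 0;
    if (selected & NO_CLIPBOARD) mask |= JOB_OBJECT_UILIMIT_READCLIPBOARD | JOB_OBJECT_UILIMIT_WRITECLIPBOARD;
    if (selected & NO_SHUTDOWN) mask |= JOB_OBJECT_UILIMIT_EXITWINDOWS;
    if (selected & NO_DISPLAY_CHANGE) mask |= JOB_OBJECT_UILIMIT_DISPLAYSETTINGS;
    return mask;
}

#ifdef _WIN32
/* Create the process suspended, put it in the restricted job, then resume it. Returns 0 on success. */
int run_in_job(wchar_t *cmdline, unsigned selected)
{
    JOBOBJECT_BASIC_UI_RESTRICTIONS ui = { ui_restriction_mask(selected) };
    STARTUPINFOW si = { sizeof si };
    PROCESS_INFORMATION pi;
    int rc = 1;
    HANDLE job = CreateJobObjectW(NULL, NULL);
    if (!job) return rc;
    if (SetInformationJobObject(job, JobObjectBasicUIRestrictions, &ui, sizeof ui) &&
        CreateProcessW(NULL, cmdline, NULL, NULL, FALSE, CREATE_SUSPENDED, NULL, NULL, &si, &pi)) {
        if (AssignProcessToJobObject(job, pi.hProcess) && ResumeThread(pi.hThread) != (DWORD)-1)
            rc = 0;
        else
            TerminateProcess(pi.hProcess, 1); /* fail closed: never run outside the job */
        CloseHandle(pi.hThread); CloseHandle(pi.hProcess);
    }
    CloseHandle(job); /* limits stay in force until the job's processes exit */
    return rc;
}
int main(void)
{
    wchar_t cmd[] = L"notepad.exe"; /* constructed sample target */
    return run_in_job(cmd, NO_CLIPBOARD | NO_SHUTDOWN | NO_DISPLAY_CHANGE);
}
#endif
```

Starting the process suspended and assigning it to the job before resuming means the target never executes without the restrictions in place.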
Apply Sandbox Action
...
Create sandbox action
To create a sandbox action, do the following steps:
- In the Thycotic Security Manager, click the Policies tab.
- In the file library in the left pane, navigate to Thycotic Solutions > Application Control > Actions.
- Right-click the Actions folder, click New, and then click Sandbox Action.
- In the Create Item dialog box, give the sandbox a Name and Description.
- Click Save.
- In the right pane, set the Restrictions by selecting the check boxes.
- Click Save.
You can find the new action at the bottom of the list of Actions folders.