Application Sandboxing is an Application Control Solution (ACS) action that limits the environments in which certain code can execute. The sandbox runs a process in a job object that limits its ability to interact with other processes, as well as limiting some specific types of interactions with the operating system, such as:
- Reading or writing from the clipboard
- Shutting down the system
- Adjusting display settings
to further lock down applications in the sandbox, you can adjust process rights to add a restricted SID. (For more information, go to [REVIEW] Adjust Process Rights Improvements.)
Some of the internet facing apps today (such as Internet Explorer, Chrome, Word, Adobe Reader) already implement their own extended sandboxing. As such, this feature would not apply to them.
"You can place multiple apps in the same sandbox.
For further reading about Application Sandboxing in Windows, go to:
- http://www.chromium.org/developers/design-documents/sandbox
- http://www.chromium.org/developers/design-documents/sandbox/Sandbox-FAQ
Apply Sandbox Action
Related Links