sandboxie-plus / Sandboxie

Sandboxie Plus & Classic
https://Sandboxie-Plus.com
GNU General Public License v3.0

Define SbieCtrl_*** configuration point into GlobalSettings #2203

Open 1mm0rt41PC opened 2 years ago

1mm0rt41PC commented 2 years ago

Is your feature request related to a problem or use case?

I currently have 3 users on the same computer but each has his own Windows session. The problem is that some configuration points such as SbieCtrl_HideMessage and SbieCtrl_EnableAutoStart are specific to each user which requires me to configure each user manually. To simplify the reading and maintenance of these configuration points I would like to add some configuration points in the GlobalSettings section.

Describe the solution you'd like

I would like the following configuration points to be definable in the GlobalSettings section

[UserSettings_4BC00582]
SbieCtrl_AutoStartAgent=SandMan.exe
SbieCtrl_EnableAutoStart=n
SbieCtrl_EnableLogonStart=n
SbieCtrl_AddDesktopIcon=n
SbieCtrl_AddQuickLaunchIcon=n
SbieCtrl_AddContextMenu=n
SbieCtrl_AddSendToMenu=n
SbieCtrl_AutoRunSoftCompat=n
SbieCtrl_HideMessage=1308,powershell.exe [DefaultBox]
SbieCtrl_HideMessage=2222,powershell.exe [DefaultBox]

These points would not be modifiable directly via the UI but only by editing the configuration file:

[GlobalSettings]
SbieCtrl_AutoStartAgent=SandMan.exe
SbieCtrl_EnableAutoStart=n
SbieCtrl_EnableLogonStart=n
SbieCtrl_AddDesktopIcon=n
SbieCtrl_AddQuickLaunchIcon=n
SbieCtrl_AddContextMenu=n
SbieCtrl_AddSendToMenu=n
SbieCtrl_AutoRunSoftCompat=n
SbieCtrl_HideMessage=1308,powershell.exe [DefaultBox]
SbieCtrl_HideMessage=2222,powershell.exe [DefaultBox]

And in order to avoid the creation of user sections it would be useful to have a configuration point such as DisableUserSettings that defines if user sections can be created:

[GlobalSettings]
DisableUserSettings=y

Describe alternatives you've considered

I tried to use these multiple user sections but it is not very efficient in the end.

DavidXanatos commented 2 years ago

Why are you still using sbiectrl.exe instead of the new, much better sandman.exe UI?

1mm0rt41PC commented 2 years ago

I'm using the new UI but for an unknown reason, it still loads sbiectrl.exe every time, even if I use the command line argument: C:\Program Files\Sandboxie-Plus\Start.exe /box:DefaultBox /silent /nosbiectrl cmd.exe; the /nosbiectrl is ignored. Actually, to prevent sbiectrl.exe from running, I delete sbiectrl.exe :/

My configuration:

#
# Sandboxie-Plus configuration file
#

[GlobalSettings]
NetworkEnableWFP=y
FileRootPath=\??\%SystemDrive%\Sandbox\%USER%\%SANDBOX%
KeyRootPath=\REGISTRY\USER\Sandbox_%USER%_%SANDBOX%
IpcRootPath=\Sandbox\%USER%\%SANDBOX%\Session_%SESSION%
Template=WindowsRasMan
Template=WindowsLive
Template=OfficeLicensing
EditAdminOnly=y
ForceDisableAdminOnly=y
ForgetPassword=y

[DefaultBox]
Enabled=y
RecoverFolder=%{374DE290-123F-4565-9164-39C4925E467B}%
RecoverFolder=%Personal%
RecoverFolder=%Desktop%
BorderColor=#00ffff,ttl,6
Template=OpenBluetooth
Template=SkipHook
Template=FileCopy
Template=qWave
Template=BlockPorts
Template=LingerPrograms
Template=AutoRecoverIgnore
ConfigLevel=9
AllowNetworkAccess=<BlockNetAccess>,n
BoxNameTitle=n
CopyLimitKb=81920
ClosedFilePath=<BlockNetDevices>,InternetAccessDevices
ClosedIpcPath=<StartRunAccess>,*
DropAdminRights=y
FakeAdminRights=n
BlockNetworkFiles=n
AutoRecover=y
ProcessGroup=<StartRunAccess>,powershell.exe,powershell_ise.exe,explorer.exe,rundll32.exe

DavidXanatos commented 2 years ago

> I'm using the new UI but for an unknown reason, it still loads sbiectrl.exe every time, even if I use the command line argument: C:\Program Files\Sandboxie-Plus\Start.exe /box:DefaultBox /silent /nosbiectrl cmd.exe; the /nosbiectrl is ignored. Actually, to prevent sbiectrl.exe from running, I delete sbiectrl.exe :/

If that happens, this means your user settings are missing the appropriate SbieCtrl_AutoStartAgent=SandMan.exe entry. You should be able to set this option in the [GlobalSettings] section for all users; you can also set SbieCtrl_EnableAutoStart globally as well.

Using the Plus UI you can put the Sandboxie-Plus.ini at C:\ProgramData\Sandboxie-Plus\ but that requires a business type certificate; then all users will have the same config.

1mm0rt41PC commented 2 years ago

It's perfect, it works very well! I will add it to the official documentation :) I will close this issue once the documentation is updated.

DavidXanatos commented 2 years ago

The general rule is that any setting, when queried the default way, if not present in the section it's being queried in, is then queried in the global section.

1mm0rt41PC commented 2 years ago

This point is not true for box sections? I tried to move DropAdminRights and BorderColor from DefaultBox to GlobalSettings but it doesn't work:

[GlobalSettings]
# Is ignored
DropAdminRights=y
# Is ignored
BorderColor=#000000,ttl,6
# ...
SbieCtrl_AutoStartAgent=SandMan.exe
SbieCtrl_EnableAutoStart=n
SbieCtrl_EnableLogonStart=n
SbieCtrl_AddDesktopIcon=n
SbieCtrl_AddQuickLaunchIcon=n
SbieCtrl_AddContextMenu=n
SbieCtrl_AddSendToMenu=n
SbieCtrl_AutoRunSoftCompat=n

[DefaultBox]
Enabled=y
# DropAdminRights=y <=== Trying global setting
# BorderColor=#000000,ttl,6  <=== Trying global setting

The 2 global parameters are ignored whether in the graphical interface for managing the box parameters or in real tests.

After thinking about it, it could be useful to have this functional behavior, it could lighten the configuration when using many boxes. Here is an example of a configuration file that is 102 lines long and 78 lines long after restructuring via the general section:

[GlobalSettings]
FileRootPath=\??\%SystemDrive%\Sandbox\%USER%\%SANDBOX%
KeyRootPath=\REGISTRY\USER\Sandbox_%USER%_%SANDBOX%
IpcRootPath=\Sandbox\%USER%\%SANDBOX%\Session_%SESSION%
NetworkEnableWFP=y
Template=WindowsRasMan
Template=WindowsLive
Template=OfficeLicensing
EditAdminOnly=y
ForceDisableAdminOnly=y
ForgetPassword=y
# Set immutable parameters for all [UserSettings_XXXXX]
SbieCtrl_AutoStartAgent=SandMan.exe
SbieCtrl_EnableAutoStart=n
SbieCtrl_EnableLogonStart=n
SbieCtrl_AddDesktopIcon=n
SbieCtrl_AddQuickLaunchIcon=n
SbieCtrl_AddContextMenu=n
SbieCtrl_AddSendToMenu=n
SbieCtrl_AutoRunSoftCompat=n
# Global box setting
BorderColor=#00ffff,ttl,6
Template=OpenBluetooth
Template=SkipHook
Template=FileCopy
Template=qWave
Template=BlockPorts
Template=LingerPrograms
Template=AutoRecoverIgnore
ConfigLevel=9
BoxNameTitle=n
CopyLimitKb=81920
DropAdminRights=y
FakeAdminRights=n
BlockNetworkFiles=n
AutoRecover=y
AutoDelete=y

[DefaultBox]
# Allow to run cmd but not powershell.exe,powershell_ise.exe,explorer.exe,rundll32.exe
Enabled=y
AllowNetworkAccess=<BlockNetAccess>,n
ClosedFilePath=<BlockNetDevices>,InternetAccessDevices
ClosedIpcPath=<StartRunAccess>,*
ProcessGroup=<StartRunAccess>,powershell.exe,powershell_ise.exe,explorer.exe,rundll32.exe

[putty]
# Run only putty and allow only a TCP connection to the range 205.166.94.10 - 205.166.94.16 on port 22
Enabled=y
ClosePrintSpooler=y
PromptForFileMigration=n
ClosedIpcPath=!<StartRunAccess>,*
AllowNetworkAccess=<BlockNetAccess>,n
ClosedFilePath=<BlockNetDevices>,InternetAccessDevices
ProcessGroup=<StartRunAccess>,putty.exe
LeaderProcess=putty.exe
NetworkAccess=Block
NetworkAccess=putty.exe,Allow;Port=22;Address=205.166.94.10-205.166.94.16;Protocol=TCP

[junk]
# Kill all processes here
# Catch helppane.exe and kill it
Enabled=y
ClosedIpcPath=!<StartRunAccess>,*
ForceProcess=helppane.exe
# Override default parameter
BlockNetworkFiles=y
AutoRecover=n

[ie]
Enabled=y
RecoverFolder=%{374DE290-123F-4565-9164-39C4925E467B}%
RecoverFolder=%Personal%
RecoverFolder=%Desktop%
AllowNetworkAccess=<BlockNetAccess>,n
ForceProcess=iexplore.exe
ClosedFilePath=<BlockNetDevices>,InternetAccessDevices
LeaderProcess=iexplore.exe

I have made some tests but I don't understand the rule:

[GlobalSettings]
# Works
NetworkAccess=Block
# Doesn't work
AutoDelete=y
BorderColor=#000000,ttl,6

# Global box setting
[Template_Cust_MyGlobalSettings]
Tmpl.Title=Cust_MyGlobalSettings
Tmpl.Class=Misc
# Works
NetworkAccess=Block
# Doesn't work
AutoDelete=y
BorderColor=#000000,ttl,6

[DefaultBox]
Enabled=y
Template=Cust_MyGlobalSettings
AllowNetworkAccess=<BlockNetAccess>,n
ClosedFilePath=<BlockNetDevices>,InternetAccessDevices
ClosedIpcPath=<StartRunAccess>,*
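
Added example, not code from this thread or from the Sandboxie project: a Python audit that parses a Sandboxie.ini-style file and reports, for each box, whether a setting is written in the box itself, arrives through a Template= reference, or exists only in [GlobalSettings]. Because the tests reported above found some box settings ignored outside the box section, the "template:" and "global" results are the ones to verify by hand. Assumptions: the sample file is constructed, and every section other than GlobalSettings, UserSettings_* and Template_* is treated as a box.

```python
import re
from collections import defaultdict

# Constructed sample, modelled on the configuration fragments in this thread.
SAMPLE_INI = """\
[GlobalSettings]
DropAdminRights=y
NetworkAccess=Block
[Template_Cust_MyGlobalSettings]
AutoDelete=y
[DefaultBox]
Enabled=y
Template=Cust_MyGlobalSettings
[junk]
DropAdminRights=y
[UserSettings_4BC00582]
SbieCtrl_EnableAutoStart=y
"""

# Assumption: sections with these name prefixes are not sandboxes.
NON_BOX = ("GlobalSettings", "UserSettings_", "Template_")

def parse_ini(text):
    """Parse the ini text; keys such as Template= repeat, so values are lists."""
    sections, current = {}, None
    for line in map(str.strip, text.splitlines()):
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            current = sections.setdefault(header.group(1), defaultdict(list))
        elif current is not None and "=" in line and not line.startswith("#"):
            key, value = line.split("=", 1)
            current[key.strip()].append(value.strip())
    return sections

def setting_source(sections, box, key):
    """Where `key` is defined for `box`: box, template:<name>, global or unset."""
    if key in sections[box]:
        return "box"
    for tmpl in sections[box].get("Template", []):
        if key in sections.get("Template_" + tmpl, {}):
            return "template:" + tmpl
    return "global" if key in sections.get("GlobalSettings", {}) else "unset"

def audit(text, keys=("DropAdminRights", "AutoDelete", "NetworkAccess")):
    """Map each box name to {key: source} for the keys under review."""
    sections = parse_ini(text)
    boxes = [s for s in sections if not s.startswith(NON_BOX)]
    return {b: {k: setting_source(sections, b, k) for k in keys} for b in boxes}

if __name__ == "__main__":
    for box, sources in audit(SAMPLE_INI).items():
        print(box, sources)
```

Any hardening key that comes back as something other than "box" is a candidate for a real test inside that sandbox before it is relied on.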