Steam running in Sandboxie requires login each time on restart.

[solf]

Describe what you noticed and did

I have a fully working Steam setup on my machine (Win10 Home). I wanted to run two instances of one game and so I've set up a second Steam copy inside a Sandboxie.

It's set to 'Application Compartment' (I've purchased supporter cert via Patreon) and I've set Steam library folder to 'Open' access (i.e. '..\Steam\steamapps\common\', though I initially started with '..\Steam\steamapps\' but later realized it's probably better to add 'common').

This seems to work fine except on every Steam process restart in the Sandboxie it wants me to login again -- it doesn't remember previous authentication (unlike Steam instance running outside the Sandboxie on the same machine).

Interestingly and possibly relatedly -- if I do 'Change Account...' in Steam (in Sandboxie) it shows me the list of all accounts I have logged in Steam outside the sandbox (i.e. it can 'see' / import inside the sandbox the data about the accounts I already had logged into Steam prior to initializing sandboxed Steam instance) -- but selecting the account in that list still prompts me to enter password / login via Steam guard (and yes, in case this is relevant -- Steam account in question is protected via Steam guard on the phone).

I found issue #2320 and added OpenProtectedStorage=y to the sandbox configuration -- but it doesn't seem to have changed/fixed anything.

Any suggestions/recommendations on fixing this?

How often did you encounter it so far?

Always when I restart Steam inside the Sandboxie.

Expected behavior

Steam in Sandboxie should behave the same as the one outside Sandboxie -- remember login information and start without requiring re-login every time (when the corresponding checkbox is set in Steam).

Affected program

steam.exe

Download link

https://store.steampowered.com/about/

Where is the program located?

The program is installed both inside and outside the sandbox.

Did the program or any related process close unexpectedly?

No, not at all.

Crash dump

No response

What version of Sandboxie are you running now?

Sandboxie-Plus v1.12.3

Is it a new installation of Sandboxie?

I recently did a new clean installation.

Is it a regression from previous versions?

No response

In which sandbox type you have this problem?

In an Application Compartment sandbox with no isolation (green sandbox icon).

Can you reproduce this problem on a new empty sandbox?

I can confirm it also on a new empty sandbox.

What is your Windows edition and version?

Windows 10 Home 21H2

In which Windows account you have this problem?

A local account (Administrator).

Please mention any installed security software

no realtime scanning software installed, windows defender is also disabled

Did you previously enable some security policy settings outside Sandboxie?

No response

Trace log

No response

Sandboxie.ini configuration

Enabled=y
BlockNetworkFiles=y
RecoverFolder=%Desktop%
RecoverFolder=%Personal%
RecoverFolder=%{zzz-xxx-yyy-sss-www}%
BorderColor=#00fd00,ttl,6
Template=AutoRecoverIgnore
Template=LingerPrograms
Template=BlockPorts
Template=qWave
Template=FileCopy
Template=SkipHook
Template=OpenBluetooth
Template=RpcPortBindingsExt
ConfigLevel=10
NoSecurityIsolation=y
UseFileDeleteV2=y
UseRegDeleteV2=y
AutoRecover=y
CopyLimitKb=281920
OpenProtectedStorage=y
OpenFilePath=xxxx\Steam\steamapps\common\
OpenFilePath=zzzz\SteamLibrary\steamapps\common\

[kokofixcomputers]

Seems like steam only allows one instance to be logged in, i tried to login two steam in two different accounts but one account just keeps getting kicked out, prob unrelated to sandboxie

[solf]

Seems like steam only allows one instance to be logged in, i tried to login two steam in two different accounts but one account just keeps getting kicked out, prob unrelated to sandboxie

Doesn't seem to be the same experience for me.

I can run two Steams simultaneously just fine -- one standard (not-sandboxied) and one sandboxied -- using different accounts.

The standard Steam works just fine -- including remembering the account when restarting (fully closing & re-opening Steam).

The Sandboxied one works fine too -- except it requires me to login into Steam (throws up login dialog without anything pre-filled in the account field) every time I fully close the sandboxied Steam and re-open it.

Certainly looks like a Sandboxie issue to me.

[kokofixcomputers]

Seems like steam only allows one instance to be logged in, i tried to login two steam in two different accounts but one account just keeps getting kicked out, prob unrelated to sandboxie

Doesn't seem to be the same experience for me.

I can run two Steams simultaneously just fine -- one standard (not-sandboxied) and one sandboxied -- using different accounts.

The standard Steam works just fine -- including remembering the account when restarting (fully closing & re-opening Steam).

The Sandboxied one works fine too -- except it requires me to login into Steam (throws up login dialog without anything pre-filled in the account field) every time I fully close the sandboxied Steam and re-open it.

Certainly looks like a Sandboxie issue to me.

Oh well i can't sign into the same steam account on different windows account, the first logged in user gets kicked out

[solf]

Oh well i can't sign into the same steam account on different windows account, the first logged in user gets kicked out

Just to make sure things are clear -- I'm not talking about trying to login the same Steam account simultaneously (under Sandboxie or otherwise).

I have an issue with Steam under Sandboxie always requiring new login whenever I (re)start Steam.

For comparison -- same Windows account, Steam running without Sandboxie -- it remembers the last login just fine, doesn't require login on (re)start.

The above is true regardless of whether I run two (Sandboxie+standard) or one Steam account at a time.

[kokofixcomputers]

That's odd. Can you try to login to steam only on the sandboxie and sign out steam from the computer and restart it or do whatever that will trigger the sign out previously, and see if it works On Feb 8, 2024 at 5:16 AM -0800, solf @.***>, wrote:

Oh well i can't sign into the same steam account on different windows account, the first logged in user gets kicked out Just to make sure things are clear -- I'm not talking about trying to login the same Steam account simultaneously (under Sandboxie or otherwise). I have an issue with Steam under Sandboxie always requiring new login whenever I (re)start Steam. For comparison -- same Windows account, Steam running without Sandboxie -- it remembers the last login just fine, doesn't require login on (re)start. The above is true regardless of whether I run two (Sandboxie+standard) or one Steam account at a time. — Reply to this email directly, view it on GitHub, or unsubscribe. You are receiving this because you commented.Message ID: @.***>

[solf]

That's odd. Can you try to login to steam only on the sandboxie and sign out steam from the computer and restart it or do whatever that will trigger the sign out previously, and see if it works

I'm not sure I'm not misreading the question, but to clarify -- when I run Steam under Sandboxie I'm asked to login every time I start it -- regardless of whether I have another instance of Steam running on the machine (i.e. it happens even if Steam under Sandboxie is the only instance).

Possibly relevant -- this is not a 'blank slate install'. I've been running Steam for ages without Sandboxie and then I've tried to running it under Sandboxie (using the same windows login) -- i.e. sandboxied Steam should have been able to 'see' data left from the time Steam was running without sandbox.

This is confirmed by e.g. 'switch account' functionality (under sandboxied steam) showing all the accounts I've used in non-sandboxied steam -- but selecting either of them requires re-login (whereas it doesn't under non-sandboxied steam).

It feels like some kind of credential/authentication token is not saved correctly under sandboxied steam -- thus every time Steam is closed there it loses the login information.

[kokofixcomputers]

What kind of sandbox is it? Because some times it may not be saved properly when they’re is another data in its location On Feb 9, 2024 at 7:31 AM -0800, solf @.***>, wrote:

That's odd. Can you try to login to steam only on the sandboxie and sign out steam from the computer and restart it or do whatever that will trigger the sign out previously, and see if it works I'm not sure I'm not misreading the question, but to clarify -- when I run Steam under Sandboxie I'm asked to login every time I start it -- regardless of whether I have another instance of Steam running on the machine (i.e. it happens even if Steam under Sandboxie is the only instance). Possibly relevant -- this is not a 'blank slate install'. I've been running Steam for ages without Sandboxie and then I've tried to running it under Sandboxie (using the same windows login) -- i.e. sandboxied Steam should have been able to 'see' data left from the time Steam was running without sandbox. This is confirmed by e.g. 'switch account' functionality (under sandboxied steam) showing all the accounts I've used in non-sandboxied steam -- but selecting either of them requires re-login (whereas it doesn't under non-sandboxied steam). It feels like some kind of credential/authentication token is not saved correctly under sandboxied steam -- thus every time Steam is closed there it loses the login information. — Reply to this email directly, view it on GitHub, or unsubscribe. You are receiving this because you commented.Message ID: @.***>

[solf]

What kind of sandbox is it? Because some times it may not be saved properly when they’re is another data in its location

If I understand the question correctly -- it's: 'In an Application Compartment sandbox with no isolation (green sandbox icon).'

(as per OP)

[kokofixcomputers]

Then maybe it will fight with your computer's non-sandboxed steam. Do you have a sandboxie plan? If yes try a Security Hardened sandbox with Data Protection On Feb 10, 2024 at 9:35 PM -0800, solf @.***>, wrote:

What kind of sandbox is it? Because some times it may not be saved properly when they’re is another data in its location If I understand the question correctly -- it's: 'In an Application Compartment sandbox with no isolation (green sandbox icon).' (as per OP) — Reply to this email directly, view it on GitHub, or unsubscribe. You are receiving this because you commented.Message ID: @.***>

[solf]

Then maybe it will fight with your computer's non-sandboxed steam. Do you have a sandboxie plan? If yes try a Security Hardened sandbox with Data Protection

I did some testing and it looks like the problem is only present in 'Application Compartment' mode -- regardless of 'Data Protection' setting. Both 'Standard' and 'Security Hardened' modes seem to log into Steam just fine.

Which is kinda ironic, I bought Sandboxie 'sub' in part so I could run 'Application Compartment' which is supposed to be the most lightweight and compatible if I understand things correctly?

[kokofixcomputers]

Well sometimes it’s because two instances of a app on the same hard drive fights On Feb 14, 2024 at 6:38 AM -0800, solf @.***>, wrote:

Then maybe it will fight with your computer's non-sandboxed steam. Do you have a sandboxie plan? If yes try a Security Hardened sandbox with Data Protection I did some testing and it looks like the problem is only present in 'Application Compartment' mode -- regardless of 'Data Protection' setting. Both 'Standard' and 'Security Hardened' modes seem to log into Steam just fine. Which is kinda ironic, I bought Sandboxie 'sub' in part so I could run 'Application Compartment' which is supposed to be the most lightweight and compatible if I understand things correctly? — Reply to this email directly, view it on GitHub, or unsubscribe. You are receiving this because you commented.Message ID: @.***>

[solf]

I'm not sure what the implications are?

My naive understanding is that the point of sandboxes is isolation, so anything I do in the sandbox should not affect the system as a whole.

And in this case it seems to do that part (i.e. sandboxied steam doesn't seem to affect system's steam). But it doesn't quite work fully correctly in the sandbox.

Is it 'not a bug'?

[kokofixcomputers]

I'm not sure what the implications are?

My naive understanding is that the point of sandboxes is isolation, so anything I do in the sandbox should not affect the system as a whole.

And in this case it seems to do that part (i.e. sandboxied steam doesn't seem to affect system's steam). But it doesn't quite work fully correctly in the sandbox.

Is it 'not a bug'?

no because the Application Compartment mode lets the software go to your hard drive but then it fights with the existing one

[kokofixcomputers]

Application compartment mode has no isolation On Feb 16, 2024 at 5:52 AM -0800, solf @.***>, wrote:

I'm not sure what the implications are? My naive understanding is that the point of sandboxes is isolation, so anything I do in the sandbox should not affect the system as a whole. And in this case it seems to do that part (i.e. sandboxied steam doesn't seem to affect system's steam). But it doesn't quite work fully correctly in the sandbox. Is it 'not a bug'? — Reply to this email directly, view it on GitHub, or unsubscribe. You are receiving this because you commented.Message ID: @.***>

[xsmolasses]

I'm not sure what the implications are? My naive understanding is that the point of sandboxes is isolation, so anything I do in the sandbox should not affect the system as a whole. And in this case it seems to do that part (i.e. sandboxied steam doesn't seem to affect system's steam). But it doesn't quite work fully correctly in the sandbox. Is it 'not a bug'?

no because the Application Compartment mode lets the software go to your hard drive but then it fights with the existing one

Doubt this is the reason - I see as described soured Steam login behaviour with clean install of Windows [10; 22H2 (19045.3930)] and Sandbox install of Steam albeit via Application Compartment Box (NoSecurityIsolation=y) with Data Protection (UsePrivacyMode=y).

Setting NoSecurityIsolation=n then Steam's launch splash dialog won't prompt for login (uses the session that was saved somewhere), and you know, walks on by, except to be eclipsed by warnings about dropped rights as an unrelated(?) matter, // Let Sandboxie preemptively start SteamService.exe /RunAsService StartService=Steam Client Service

So I think we need to delve deeper.

[kokofixcomputers]

Sure i will mention @DavidXanatos to dive deeper On Feb 16, 2024 at 4:03 PM -0800, xsmolasses @.***>, wrote:

I'm not sure what the implications are? My naive understanding is that the point of sandboxes is isolation, so anything I do in the sandbox should not affect the system as a whole. And in this case it seems to do that part (i.e. sandboxied steam doesn't seem to affect system's steam). But it doesn't quite work fully correctly in the sandbox. Is it 'not a bug'? no because the Application Compartment mode lets the software go to your hard drive but then it fights with the existing one Doubt this is the reason - I see as described soured Steam login behaviour with clean install of Windows [10; 22H2 (19045.3930)] and Sandbox install of Steam albeit via Application Compartment Box (NoSecurityIsolation=y) with Data Protection (UsePrivacyMode=y). Setting NoSecurityIsolation=n then Steam's launch splash dialog won't prompt for login (uses the session that was saved somewhere), and you know, walks on by, except to be eclipsed by warnings about about dropped rights as an unrelated(?) matter, Let Sandboxie preemptively start SteamService.exe /RunAsService StartService=Steam Client Service So I think we need to delve deeper. — Reply to this email directly, view it on GitHub, or unsubscribe. You are receiving this because you commented.Message ID: @.***>

[xsmolasses]

Sorry if impolite to @DavidXanatos @solf [and @adamantida #3729]

Sandboxie's implementation of Protected Storage (SbiePst.dat) failing with Application Compartment (NoSecurityIsolation=y)

@ECHO OFF
CMDKEY /list
CMDKEY /add:foobar /user:foo /pass:bar
::CMDKEY: A specified logon session does not exist. It may already have been terminated.
::cmdkey.exe: SBIE2213 Windows Credentials cannot be stored in the sandbox
CMDKEY /list:foobar
CMDKEY /delete:foobar
CMDKEY /list:foobar

# This bypasses Sandboxie PStore and evidently allows writing to system PStore; does Steam even use?
ReadIpcPath=\RPC Control\protected_storage
#

# note: Steam "ConnectCache" is here "%Local AppData%\Steam\local.vdf"
# case: multiple Steam accounts, multiple Sandboxes, best keep local.vdf distinct (UsePrivacyMode=y)
# case: a single Steam account, multiple Sandboxes, symbolic links targeting local.vdf, convenience?

[NewKidOnTheBlock]

I tried to build a Steam box to test free games with. The idea is to prevent games from vomitting all over the OS drive, Windows and Steam installation, installing 3rd party apps etc. So I created a dedicated Steam Testbox.

If it's a regular sandbox (= yellow), everything works as intended. Steam starts without bothering you. But if I set it to compartment style (= green), Steam asks for login and demands full 2-Factor-Authentication every time.

All this assumes that you have a regular non-sandboxy Steam already installed and want to have a sandboxed Steam for game testing purposes on top.