How to Enable or Disable Networking in Sandbox on Windows 11

|

|

This article provides a guide on enabling or disabling networking in the sandbox environment of Windows 11. By default, networking is off to reduce the attack surface, but for accessing external networks, users must allow it by creating a virtual switch. This can be done through the Local Group Policy Editor or the Windows Registry.

This article describes the steps to turn on or off networking from the host into the Sandbox in Windows 11.

When you turn on Sandbox in Windows 11, you enable a lightweight, isolated desktop environment to run applications safely. The sandbox environment is completely isolated, remains “sandboxed,” and runs separately from the host machine.

By default, networking is disabled in the Windows sandboxed environment to decrease the attack surface exposed by the Sandbox. If you need the sandboxed environment to access external networks, you must allow networking to the Windows sandbox.

This is done by creating a virtual switch on the host and connecting the Windows Sandbox to it via a virtual NIC.

Below is how to do that in Windows 11.

How to turn on or off networking with Sandbox in Windows 11

As described above, by default, networking is disabled in the Windows sandboxed environment to decrease the attack surface exposed by the Sandbox.

You will not be able to access external networks, including the internet, if you don’t allow networking.

Below is how to do that.

First, open Local Group Policy Editor by clicking on the Start Menu and searching for Edit group policy, as highlighted below.

Under Best match, select Edit group policy to launch Local Group Policy Editor.

In the left pane of Local Group Policy Editor, expand the tree: 

Computer Configuration > Administrative Templates > Windows Components > Windows Sandbox

Then, in the Windows Sandbox details pane on the right, locate and double-click the setting that says “Allow networking in Windows Sandbox.”

On the Allow networking in Windows Sandbox window, set the option to Not ConfigureEnabled, or Disabled.

  • Not Configured (default)
  • Enabled  – Virtual switch is created to allow networking to the Windows sandbox.
  • Disabled – Networking is disabled in the Windows sandbox

Enable or disable printer sharing with Sandbox via Windows Registry

If you can’t open the Local Group Policy Editor, you can use the Windows Registry instead.

Open the Windows Registry, and navigate to the folder key path as listed below.

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Sandbox

If you don’t see the Sandbox folder key, right-click on the Windows key, then create a subfolder key called Sandbox.

Right-click on the Sandbox folder key’s right pane and select New -> DWORD (32-bit) Value. Next, type a new key named AllowNetworking.

Double-click the new key and enter the Value data as 1 to enable networking between the host and the sandbox environment.

A 0-value data or simply deleting the key will disable networking between the host and the sandbox environment.

That should do it!

Reference:

https://learn.microsoft.com/en-us/windows/security/threat-protection/windows-sandbox/windows-sandbox-overview

Conclusion:

This post showed you how to enable networking between the host and sandbox environment in Windows 11. Please use the comment form below if you find any errors above or have something to add.

Like this:



Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.