How to Run a Logon Command in Windows Sandbox

Windows Sandbox

You use Windows Sandbox a lot for testing packages or software. Sometimes you want to start it with specific options or install some required apps automatically when it starts. This post shows you how to start Windows Sandbox and then run a logon command automatically in the sandbox.

You can use configuration files to customize Windows Sandbox options. A .wsb file is a configuration file that specifies how Windows Sandbox should run. It can include settings such as networking options, shared folders, mapped drives, startup commands, and more. Here is a list of the options that can be configured:

vGPU (virtualized GPU): Enable or disable the virtualized GPU. If vGPU is disabled, the sandbox will use Windows Advanced Rasterization Platform (WARP).
Networking: Enable or disable network access within the sandbox.
Mapped folders: Share folders from the host with read or write permissions. Note that exposing host directories may allow malicious software to affect the system or steal data.
Logon command: A command that’s executed when Windows Sandbox starts.
Audio input: Shares the host’s microphone input into the sandbox.
Video input: Shares the host’s webcam input into the sandbox.
Protected client: Places increased security settings on the RDP session to the sandbox.
Printer redirection: Shares printers from the host into the sandbox.
Clipboard redirection: Shares the host clipboard with the sandbox so that text and files can be pasted back and forth.
Memory in MB: The amount of memory, in megabytes, to assign to the sandbox.

Run a Logon Command in Windows Sandbox

Below are the steps to create a .wsb file to map a folder from the host to the sandbox. Then run a logon command automatically when the sandbox is started.

1. Right click on the desktop then create a new text document.

2. Below is an example of sandbox configuration file. When a sandbox instance starts:

The folder C:\Apps would be mapped to the sandbox at C:\Apps.
The logon command will run Windows Explorer then open the mapped folder automatically.

The Command can be a path to an executable or script inside the container that will be executed after signing in. Apps in the sandbox are run under the container user account. The container user account should be an administrator account.

<Configuration>

  <MappedFolders>
    <MappedFolder>
      <HostFolder>C:\Apps</HostFolder>
      <SandboxFolder>C:\Apps</SandboxFolder>
      <ReadOnly>false</ReadOnly>
    </MappedFolder>
  </MappedFolders>

  <LogonCommand>
    <Command>explorer.exe C:\Apps</Command>
  </LogonCommand>

</Configuration>

Note Note: Although very simple commands will work (such as launching an executable or script), more complicated scenarios involving multiple steps should be placed into a script file. This script file may be mapped into the container via a shared folder, and then executed via the LogonCommand directive.

3. Save the file with any name, but make sure the file extension is .wsb.

4. Now, start the sandbox using the .wsb configuration file instead of running it from the Start menu or Windows search.

Every time you run a new sandbox session, the logon command will be executed, and the File Explorer would be opened automatically in the sandbox instance.

More examples about logon command

1. Open Command Prompt when the sandbox starts:

<Configuration>
  <LogonCommand>
    <Command>powershell -executionpolicy unrestricted -command "start cmd {-noexit}"</Command>
  </LogonCommand>
</Configuration>

2. Open PowerShell when the sandbox starts:

<Configuration>
  <LogonCommand>
    <Command>powershell -executionpolicy unrestricted -command "start cmd {-noexit}"</Command>
  </LogonCommand>
</Configuration>

3. Open a website when the sandbox starts.

<Configuration>
  <LogonCommand>
    <Command>powershell -executionpolicy unrestricted -command "start msedge {-noexit https://bonguides.com}"</Command>
  </LogonCommand>
</Configuration>

4. Start the Windows sandbox with the Windows Package Manager pre-installed.

<Configuration>
  <LogonCommand>
    <Command>powershell -executionpolicy unrestricted -command "start powershell {-noexit irm bonguides.com/winget | iex}"</Command>
  </LogonCommand>
</Configuration>

5. Start the Windows sandbox with the Windows Terminal pre-installed.

<Configuration>
  <LogonCommand>
    <Command>powershell -executionpolicy unrestricted -command "start powershell {-noexit irm bonguides.com/terminal | iex}"</Command>
  </LogonCommand>
</Configuration>

6. Start the Windows sandbox with the Microsoft Visual Studio Code (VSCode) pre-installed.

<Configuration>
  <LogonCommand>
    <Command>powershell -executionpolicy unrestricted -command "start powershell {-noexit irm bonguides.com/vscode | iex}"</Command>
  </LogonCommand>
</Configuration>

7. Install all required apps when the sandbox starts automatically. Below is an example of sandbox configuration file. When a sandbox instance starts:

The folder C:\Apps would be mapped to the sandbox at C:\Apps.
The batch script in the mapped folder (C:\Apps\install.bat) would be executed automatically.

<Configuration>

  <MappedFolders>
    <MappedFolder>
      <HostFolder>C:\Apps</HostFolder>
      <SandboxFolder>C:\Apps</SandboxFolder>
      <ReadOnly>false</ReadOnly>
    </MappedFolder>
  </MappedFolders>

  <LogonCommand>
    <Command>"C:\Apps\install.bat"</Command>
  </LogonCommand>

</Configuration>

Download the installers or setup files then copy them to the C:\Apps folder on the host machine.

Create a batch script in the C:\Apps folder. Below is the content of the script to install the apps automatically when the sandbox starts.

@echo on
msiexec /i C:\Apps\7zip.msi /qn
msiexec /i C:\Apps\Firefox.msi /qn

C:\Apps\skype.exe /VERYSILENT /NORESTART /SUPPRESSMSGBOXES /DL=1
C:\Apps\tsetup.exe /verysilent