
How to customize the default Windows Sandbox (files, folders, registry, wallpaper) without using a WSB file



In this post I will show you how to customize the default Windows Sandbox environment by adding folders or files and by modifying the registry or the wallpaper, without using a WSB file.


Context

- You want to use Windows Sandbox

- You want folders or files to be present in the Sandbox by default

- You want to set the default wallpaper

- You want to set some registry keys


What we will see:

- Add your own content in Sandbox explorer

- Add PowerShell modules by default

- Modify default registry

- Change the PowerShell execution policy

- Change the wallpaper


Opening the default Windows Sandbox

For that proceed as below:

1. Open Windows Services

2. Stop the Container Manager Service


3. You can also do it with PowerShell: Stop-Service CmService

4. Go to C:\ProgramData\Microsoft\Windows\Containers\BaseImages\GUID

5. Double-click on BaseLayer.vhdx


6. This will mount the VHDX as a drive (E: in the examples below)


Adding your content

In the example below we will add the MSAL.PS module.

For this proceed as below:

1. Go to your host computer

2. Go to C:\Program Files\WindowsPowerShell\Modules

3. Copy folder MSAL.PS to E:\Files\Program Files\WindowsPowerShell\Modules


4. Close the Explorer

5. Do a right-click on the mounted drive

6. Click on Eject


7. Start the Container Manager Service again

8. You can also do it with PowerShell: Start-Service CmService

9. Open Windows Sandbox

10. Open a PowerShell prompt

11. Type Set-ExecutionPolicy RemoteSigned

12. Now type Get-MsalToken

13. As you can see it asks for the client ID

14. In the next example I will add my own Azure app


Changing default registry

We will proceed as below:

1. Mount the vhdx as mentioned previously

2. Open regedit

3. Go to HKLM

4. Click on File

5. Click on Load hive


6. Browse E:\Files\Users\WDAGUtilityAccount\ntuser.dat


7. Type a name like test


8. Change what you want

9. Click on File

10. Click on Unload hive


Changing wallpaper

We will proceed as below:

1. Mount the vhdx as mentioned previously

2. Open regedit

3. Go to HKLM

4. Click on File

5. Click on Load hive

6. Type a name like test

7. Browse E:\Files\Users\WDAGUtilityAccount\ntuser.dat

8. Go to HKEY_LOCAL_MACHINE\test\Control Panel\Desktop


9. Select WallPaper

10. Change to the existing one: C:\Windows\Web\Wallpaper\Theme1\img1.jpg

11. Click on File

12. Click on Unload hive

13. You can of course add your own

14. See below result:



Setting the PowerShell execution policy

We will proceed as below:

1. Mount the vhdx as mentioned previously

2. Open regedit

3. Go to HKLM

4. Click on File

5. Click on Load hive

6. Type a name like test

7. Browse to the ntuser.dat

8. Go to HKEY_LOCAL_MACHINE\test\SOFTWARE\Microsoft


9. Create a key PowerShell > 1 > ShellIds > Microsoft.PowerShell


10. Create a string ExecutionPolicy

11. Add value RemoteSigned

12. Create a string Path

13. Add value C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe


14. Click on File

15. Click on Unload hive

16. See below result:



Hiding News and interests
1. Mount the vhdx as mentioned previously
2. Open regedit
3. Go to HKLM
4. Click on File
5. Click on Load hive
6. Type a name like test
7. Browse to ntuser.dat
8. Go to HKEY_LOCAL_MACHINE\test\Software\Microsoft\Windows\CurrentVersion\Feeds
9. Select ShellFeedsTaskbarViewMode 
10. Change value to 2 to hide this feature

11. Click on File
12. Click on Unload hive
13. See below the result before

14. See below the result after
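
The manual steps from the sections above (stop the service, mount the image, load the hive, edit, unload, eject, restart the service) as one script. This is an added example, not code from the original post. It assumes an elevated Windows PowerShell prompt and an image named BaseLayer.vhdx under BaseImages; the search for the GUID folder and the REG_DWORD type for ShellFeedsTaskbarViewMode are assumptions of this example.

```powershell
#Requires -RunAsAdministrator
# Added example: scripts the manual steps of this post. The hive name 'test' follows the post.
$ErrorActionPreference = 'Stop'
$baseImages = 'C:\ProgramData\Microsoft\Windows\Containers\BaseImages'
$hive = 'HKLM\test'
# Values from the sections above. REG_DWORD for ShellFeedsTaskbarViewMode is an assumption.
$edits = @(
    @{ Key = 'SOFTWARE\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell'; Name = 'ExecutionPolicy'; Type = 'REG_SZ'; Data = 'RemoteSigned' }
    @{ Key = 'SOFTWARE\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell'; Name = 'Path'; Type = 'REG_SZ'; Data = 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' }
    @{ Key = 'Control Panel\Desktop'; Name = 'WallPaper'; Type = 'REG_SZ'; Data = 'C:\Windows\Web\Wallpaper\Theme1\img1.jpg' }
    @{ Key = 'Software\Microsoft\Windows\CurrentVersion\Feeds'; Name = 'ShellFeedsTaskbarViewMode'; Type = 'REG_DWORD'; Data = '2' }
)

# The GUID folder differs per machine, so search for the image rather than hard-coding it.
$vhdx = Get-ChildItem -Path $baseImages -Filter 'BaseLayer.vhdx' -Recurse -ErrorAction SilentlyContinue |
    Select-Object -First 1
if (-not $vhdx) { throw "No BaseLayer.vhdx found under $baseImages; nothing was changed." }

$mounted = $false
$loaded = $false
Stop-Service -Name CmService
try {
    Mount-DiskImage -ImagePath $vhdx.FullName | Out-Null
    $mounted = $true
    # Find the mounted volume that holds the Sandbox user's hive (E: in the post).
    $ntuser = Get-DiskImage -ImagePath $vhdx.FullName | Get-Disk | Get-Partition |
        Where-Object { $_.DriveLetter -match '[A-Z]' } |
        ForEach-Object { '{0}:\Files\Users\WDAGUtilityAccount\ntuser.dat' -f $_.DriveLetter } |
        Where-Object { Test-Path -LiteralPath $_ } | Select-Object -First 1
    if (-not $ntuser) { throw 'ntuser.dat of WDAGUtilityAccount not found in the mounted image.' }

    & reg.exe load $hive $ntuser | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "reg load failed with exit code $LASTEXITCODE" }
    $loaded = $true
    foreach ($e in $edits) {
        & reg.exe add "$hive\$($e.Key)" /v $e.Name /t $e.Type /d $e.Data /f | Out-Null
        if ($LASTEXITCODE -ne 0) { throw "reg add failed for $($e.Name)" }
    }
}
finally {
    # Always undo in reverse order so a failed step cannot leave the hive loaded,
    # the image mounted or the service stopped.
    if ($loaded) { & reg.exe unload $hive | Out-Null }
    if ($mounted) { Dismount-DiskImage -ImagePath $vhdx.FullName | Out-Null }
    Start-Service -Name CmService
}
```

Every Sandbox started afterwards inherits these values, so keep the `$edits` table under version control and remove entries you do not need, the RemoteSigned execution policy included.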


What's next?

I will continue to add other examples in another post, like:

- Set default applications

- Set language

- Set taskbar

- Others


2 comments

Unknown said…

Hello, I'm discovering what u've done about WSB : absolutely brilliant, thx a lot !

Anonymous said…

In the latest Windows (version 22H2),
There's no BaseLayer.vhdx
in here
C:\ProgramData\Microsoft\Windows\Containers\BaseImages\GUID

Could you show us how to do this on the latest Windows?
