Removing admin rights from programs running in a Sandboxie sandbox


Sandboxie is a free and open-source program for the Microsoft Windows operating system that allows you to run other programs in a secure sandbox. If you wish to run programs in Sandboxie without administrative rights, even when you are running Sandboxie from an account that is in the system's administrator group, you can do so by editing the Sandboxie configuration file, Sandboxie.ini.

The file will usually be in the C:\Windows folder. Sandboxie first looks for its configuration file in C:\Windows; if it doesn't find the file there, it then looks in the Sandboxie installation folder, which will usually be C:\Program Files\Sandboxie or C:\Program Files\Sandboxie-Plus. Once it finds an instance of the file, it does not check other locations.

The setting to use in the file is DropAdminRights. If you set the value to y for a sandbox, any programs running in that sandbox will have administrative rights stripped from them, i.e., the security credentials used to start the sandbox won't include membership in the Administrators and Power Users groups. If you are running Sandboxie from an account that is not an administrator account, the setting won't have any effect.

You can change the setting using the Windows Notepad program, since the Sandboxie.ini file is just a text file. To edit the file with that program, you need to run Notepad as an administrator. You can do so by typing Notepad in the Windows Search field, right-clicking on the Notepad program when it appears in the search results, and then choosing Run as administrator. You need to start Notepad this way even if you are logged into an administrator account; otherwise, when you try to save the updated file, you will get a message stating that you don't have permission to save it in its current location. When you have opened the Notepad application, choose File, then Open; in the field to the right of the file name box, change the value from "Text documents (*.txt)" to "All files", and then locate the Sandboxie.ini file and open it.


Look for the sandbox name, e.g., DefaultBox, and add the DropAdminRights=y line beneath it, i.e.:

[DefaultBox]
DropAdminRights=y

Then save the updated file.
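
To confirm that the edit landed in the file Sandboxie actually reads, the PowerShell script below follows the search order described above and reports, per sandbox section, whether DropAdminRights=y is set. It is an added example, not code from the original post or the Sandboxie project; the function names, the list of section names treated as non-sandbox sections, and the TestBox sample are assumptions made for illustration.

```powershell
# Added example. Candidate paths follow the search order described above;
# the two installation folders are the usual defaults, adjust if yours differ.
$candidates = @(
    (Join-Path $env:windir 'Sandboxie.ini'),
    (Join-Path $env:ProgramFiles 'Sandboxie\Sandboxie.ini'),
    (Join-Path $env:ProgramFiles 'Sandboxie-Plus\Sandboxie.ini')
)

function Get-EffectiveSandboxieIni {
    param([string[]]$Paths)
    # The first file that exists wins; later locations are not checked.
    foreach ($p in $Paths) {
        if (Test-Path -LiteralPath $p -PathType Leaf) { return $p }
    }
}

function Get-DropAdminRightsReport {
    param([string[]]$Lines)
    # Assumption: sections with these names hold settings, not sandboxes.
    $notSandbox = '^(GlobalSettings|UserSettings_.*|Template_.*)$'
    $boxes = [ordered]@{}
    $current = $null
    foreach ($raw in $Lines) {
        $line = $raw.Trim()
        if ($line -match '^\[(.+)\]$') {
            $name = $Matches[1]
            $current = if ($name -match $notSandbox) { $null } else { $name }
            if ($current -and -not $boxes.Contains($current)) { $boxes[$current] = $false }
        }
        elseif ($current -and $line -match '^DropAdminRights\s*=\s*(\S+)') {
            # Only the value y enables the setting; anything else counts as off.
            $boxes[$current] = ($Matches[1] -eq 'y')
        }
    }
    foreach ($name in $boxes.Keys) {
        [pscustomobject]@{ Sandbox = $name; DropAdminRights = $boxes[$name] }
    }
}

$ini = Get-EffectiveSandboxieIni -Paths $candidates
if ($ini) {
    "Effective configuration file: $ini"
    $lines = Get-Content -LiteralPath $ini
} else {
    'No Sandboxie.ini found; using a constructed sample instead.'
    $lines = '[GlobalSettings]', '[DefaultBox]', 'DropAdminRights=y', '[TestBox]'
}
Get-DropAdminRightsReport -Lines $lines | Format-Table -AutoSize
```

A sandbox reported with DropAdminRights set to False either lacks the line or has it under a copy of Sandboxie.ini that is not the one reported as effective.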
