Work-in-progress C++ code for launching executables and out-of-process COM server in a sandboxed low-integrity or AppContainer process on the same machine. There's no need to create any additional user accounts.
Run RunInSandbox.exe [ac|li|mi|hi] ExePath to launch the ExePath application in an AppContainer, low-integrity, medium-integrity or high-integrity process. This works for STARTUPINFOEX-based process creation.
Run RunInSandbox.exe [ac|li|mi|hi] ProgID [username] [password] to launch the ProgID COM server in an AppContainer, low-integrity, medium-integrity or high-integrity process. The process will also run through a different user if username&password are provided. Unfortunately, AppContainer isolation doesn't work yet. Also, user impersonation only works for administrator accounts.
Example usage:
RunInSandbox.exe li PowerPoint.Application to start Microsoft PowerPoint in a low-integrity process connected using COM automation.
This approach performs client-side user impersonation with ImpersonateLoggedOnUser for the current thread. Then the COM server is created with CLSCTX_ENABLE_CLOAKING to allow the COM server to be created with the current thread credentials.
| Token impersonation problems | |
|---|---|
| Low integrity | โ (confirmed to work) |
| AppContainer | โ Process is created but CoGetClassObject activation gives E_ACCESSDENIED (The machine-default permission settings do not grant Local Activation permission for the COM Server) |
Command-line tool to make a file or path writable by a low-integrity process. Useful for whitelisting specific folders that should not be subject to application sandboxing.
C#/.Net sample code for launching an executable or COM class in an "elevated" process with admin privileges. The same functionality is also included in the RunInSandbox project.
UAC related:
React
Typescript
Django
Laravel
Facebook
Microsoft
Google
Alibaba
D3
Tencent