Safely execute potentially malicious app on Windows?

I’m running Windows (Server 2022, but with/as a desktop environment) on VMware and want to use an application I do not fully trust. Windows Sandbox is unavailable on my system and would not allow the program to save its state. I’m not aware of any other way to run Windows applications such that

  1. They can only read and write files in directories that are whitelisted for them (reading/writing should ideally be separate permissions)
  2. They cannot modify system configuration (e.g. registry; if they need to make changes, it would be good for them to work on a copy of the registry)
  3. They cannot access the network unless explicitly allowed (this seems to be the standard in my server installation for any application already)

I do want them to be able to make permanent changes to the system so that the app runs as if it was installed natively. But only isolated in their own directory without any changes that could interfere with the system or other applications.

I might also try to execute the application on a Linux system using WINE, but I’m not certain that this would be any better unless I create VMs that are only there for executing individual apps. This would require more resources and therefore other solutions are preferred.