windows.md +11 −0
26- Uses a Restricted Token approach with filesystem ACLs to limit which files the sandbox can write to.26- Uses a Restricted Token approach with filesystem ACLs to limit which files the sandbox can write to.
27- Runs commands as a dedicated Windows Sandbox User.27- Runs commands as a dedicated Windows Sandbox User.
28- Limits network access by installing Windows Firewall rules.28- Limits network access by installing Windows Firewall rules.
29- Uses a private desktop by default for stronger UI isolation. Set `windows.sandbox_private_desktop = false` only if you need the older `Winsta0\\Default` behavior for compatibility.
30
31### Sandbox permissions
32
33Running Codex in full access mode means Codex is not limited to your project
34 directory and might perform unintentional destructive actions that can lead to
35 data loss. For safer automation, keep sandbox boundaries in place and use
36 [rules](https://developers.openai.com/codex/rules) for specific exceptions, or set your [approval policy to
37 never](https://developers.openai.com/codex/agent-approvals-security#run-without-approval-prompts) to have
38 Codex attempt to solve problems without asking for escalated permissions,
39 based on your [approval and security setup](https://developers.openai.com/codex/agent-approvals-security).
29 40
30### Grant sandbox read access41### Grant sandbox read access
31 42