windows.md +1 −0
26- Uses a Restricted Token approach with filesystem ACLs to limit which files the sandbox can write to.26- Uses a Restricted Token approach with filesystem ACLs to limit which files the sandbox can write to.
27- Runs commands as a dedicated Windows Sandbox User.27- Runs commands as a dedicated Windows Sandbox User.
28- Limits network access by installing Windows Firewall rules.28- Limits network access by installing Windows Firewall rules.
29- Uses a private desktop by default for stronger UI isolation. Set `windows.sandbox_private_desktop = false` only if you need the older `Winsta0\\Default` behavior for compatibility.
29 30
30### Sandbox permissions31### Sandbox permissions
31 32