Policy
Allow mapping folders into Windows Sandbox
Microsoft Windows
Policy overview
Key metadata and intent for this policy.
Supported OS tags: Windows11
This policy setting enables or disables mapping folders into sandbox. If you enable this policy setting, mapping folders from the host into Sandbox will be permitted. If you enable this policy setting and disable write to mapped folders, mapping folders from the host into Sandbox will be permitted, but Sandbox will only have permission to read the files. If you disable this policy setting, mapping folders from the host into Sandbox will not be permitted. If you do not configure this policy setting, mapped folders will be enabled. Note that there may be security implications of exposing folders from the host into the container.
Registry values
How enabled and disabled states update the registry.
| Scope | Registry location | Type | Enabled value | Disabled value | Copy |
|---|---|---|---|---|---|
| Computer | Path SOFTWARE\Policies\Microsoft\Windows\Sandbox Value name AllowMappedFolders | REG_DWORD | HKLM 1 | HKLM 0 |
Policy elements
Inputs and configuration options exposed by this policy.
| Scope | Element | Type | Registry mapping | Constraints & behavior | Copy |
|---|---|---|---|---|---|
| Computer | Allow Sandbox to write to mapped folders. ID CheckBox_AllowWriteToMappedFolders | boolean | Path SOFTWARE\Policies\Microsoft\Windows\Sandbox Value name AllowWriteToMappedFolders Type REG_DWORD | Options: true (1), false (0) True: Set value = 1 · False: Set value = 0 |