Trust No Program

Expandable Variables


Some Sandboxie settings may include variables. These are placeholder names which are expanded to (replaced by) text which may be specific to a particular computer and user account. For example, 

   RecoverFolder=%Personal%\Song_Lyrics

In this simple example, Sandboxie expands the variable Personal by the actual folder for the My Documents folder. 

   RecoverFolder=C:\Documents and Settings\joe\My Documents\Song_Lyrics

The following table lists the variables that Sandboxie recognizes.

Variable Name Expands To
sandbox Name of sandbox in which the program is running.
Example: DefaultBox
user
username 		User account in which the program is running.
Example: joe
sid SID-string identifying the user account in which the program is running.
Example: S-1-5-21-414-171-1981-1005
session The number of the logon session in which the program is running.
Example: 1
ProgramFiles Location of program files folder.
Example: C:\Program Files (Windows XP)
Example: C:\Programs (Windows Vista)
SystemRoot Location of the Windows installation folder.
Example: C:\Windows
SystemDrive First two characters of %SystemRoot%.
Example: C:
DefaultSpoolDirectory Location of the print spool folder.
Example: C:\Windows\System32\spool\printers
UserProfile Location of the user account root folder.
Example: C:\Documents and Settings\joe (Windows XP)
Example: C:\Users\joe (Windows Vista)
AllUsersProfile Location of the shared user account root folder.
Example: C:\Documents and Settings\All Users (Windows XP)
Example: C:\ProgramData (Windows Vista)
HomeDrive
HomePath
HomeShare 		Partial locations of the user account root folder, as defined in the registry key:
HKEY_CURRENT_USER\Volatile Environment
temp
tmp 		Location of the Windows temporary files folder as defined in the registry key:
HKEY_CURRENT_USER\Environment.
Example: C:\Windows\Temp
Personal
AppData
Local AppData
Favorites
And more
Locations of user-account and system folders as are known to Windows Explorer. For more information, see Shell Folders.

Template Variables

Global templates are part of the installation of Sandboxie and reside in the file Templates.ini in the Sandboxie installation folder. Additional local templates may be added to Sandboxie Ini. Any template may reference template variables in the form %Tmpl.SomeVariableName%. These variable names are not built into the core of Sandboxie. They must be defined in Templates.ini or Sandboxie.ini in a [TemplateSettings] section.

Overriding Variables

Any of the variables in the table above, including any of the Shell Folders variable and any template variables, can be overridden by the Sandboxie Ini configuration file. To override a variable, add a setting with an Ovr. prefix.

For example: 

    [GlobalSettings]
    Ovr.SystemRoot=X:\WIN
    Ovr.Tmpl.Firefox=C:\Firefox\Profiles\
			
    [DefaultBox]
    Ovr.Personal=Z:\MY_FILES
    RecoverFolder=%Personal%
    OpenFilePath=%SystemRoot%\Temp

When a variable is overriden in this way, its expanded value will always match the value specified in the configuration file.

Registry Fallbacks

Some of the variables in the table above are taken from the system registry. Those variables are ProgramFiles and any other variable that appears below ProgramFiles in the table above. For these variables, it is possible to specify "fallback" values in the Sandboxie Ini configuration file. To specify a fallback for a variable, add a setting with a Reg. prefix.

For example: 

    [GlobalSettings]
    Reg.Desktop=%USERPROFILE%\Desktop
			
    [DefaultBox]
    Reg.Cookies=%USERPROFILE%\Cookies

Note that "Ovr."-style overrides (described above) will cause Sandboxie to not look in the registry at all. On the other hand, Sandboxie only considers "Reg."-style fallbacks if the expanded variable cannot be found in the registry. This means that if both Ovr.X and Reg.X are specified for the same variable X, the Ovr.X form will always apply when X is expanded, and the Reg.X form will never apply.

It is generally preferable to use "Ovr."-style overrides than "Reg."-style fallbacks.

Jump to
Sandboxie Ini
setting:

Global Settings:

ByteOrderMark

AlertProcess

ForceDisableSeconds
ForceDisableAdminOnly

EditAdminOnly
EditPassword
MonitorAdminOnly

ActivationPrompt

Enabled

FileRootPath
IpcRootPath
KeyRootPath

AutoDelete
NeverDelete
DeleteCommand

AutoRecover
AutoRecoverIgnore
RecoverFolder

AutoExec

BoxNameTitle
BorderColor
Description

CopyLimitKb
CopyLimitSilent

ForceFolder
ForceProcess
LingerProcess
LeaderProcess

NotifyInternetAccessDenied
NotifyStartRunAccessDenied

BlockDrivers
BlockFakeInput
BlockPassword
BlockSysParam
BlockWinHooks

BlockPort

DropAdminRights

OpenFilePath
OpenPipePath
ReadFilePath
WriteFilePath
ClosedFilePath

OpenKeyPath
ReadKeyPath
WriteKeyPath
ClosedKeyPath

OpenIpcPath
ClosedIpcPath

OpenWinClass
OpenClsid
OpenProtectedStorage
OpenCredentials

InjectDll
InjectDll64

ProcessLimit1
ProcessLimit2

See also:

Expandable VariablesShell FoldersProgram Name PrefixDeprecated Settings

Top

Sandboxie is Copyright © 2004-2019 by Sandboxie Holdings, LLC.  All rights reserved.
Sandboxie.com | Contact Author