Installing to a Sandbox - Not Run in a Sandbox

[Simple_One]

Hi all,

Can someone help me here. I understand the two ways of using sandboxie, namely, a regular install and then running in a sandbox, or actually installing to a sandbox. The later is what I need some help with, particularly in relation to itunes.

What i'm trying to understand is which settings effect how programs installed into a sandbox can interact with the host OS (registry, services etc).

I've tried to install itunes to a sandbox, which I did with a bunch of errors along the way for 'various minor services that aren't supported in sandboxie' etc. But program does launch once installed to the sandbox.
When I run the program from within the sandbox, unsurprisingly it doesn't work as it does when installed outside a sandbox.
Now I assume this is because the sandbox is restricting its access to reading/writing registry entries, installing any drivers and (most importantly probably), preventing itunes from installing services and possibly preventing it from being able to launch windows services (that exist outside the sandbox).

This is probably hard to answer because I'm sure it varies from program to program, but how do I work out which exceptions/exemptions i need to make in order to get itunes working somewhat properly?

The desired outcome is really just to be able to back up my iphone, if possible sync the email accounts on the phone with my outlook email (which runs in the same sandbox that I've tried installing itunes to).
Does anyone have any tips on what I need to do to:

1. Make itunes recognise that a phone has been connected to the computer (I'm guessing this has something to do with allowing access to services)
2. Be able to let itunes communicate with outlook (which is installed outside the sandbox, but run within the same one)

Any thoughts would be appreciated.

Kris

[Simple_One]

Never mind with this, I'm slowly working this out with reference to this (and some trial and error):
http://www.sandboxie.com/index.php?Reso ... ssSettings

[Simple_One]

EDIT: It appears that I had it reversed in my head. By default it allows reading of the real registry and writing to everywhere in the sandboxes virtual registry. Asterisking the settings below would actually prevent this.


Original Post:
***************************************************************
Is it valid to use wild cards when adding resources to the registry restrictions?

For instance if i just add an asterisk (*) as a resource under the Registry Access > Write-Only Access, does that allow programs that are running in or installed into a sandbox, to write whatever they want, wherever they want, to the sandbox's virtualised registry?

Or do I need to explicitly add the major root folders of the registry? (for instance HKEY_CURRENT_USER, HKEY_LOCAL_MACHINE etc)


Cheers

[Guest10]

For instance if i just add an asterisk (*) as a resource under the Registry Access > Write-Only Access, does that allow programs that are running in or installed into a sandbox, to write whatever they want, wherever they want, to the sandbox's virtualised registry?

Write-Only Access will prevent sandboxed programs from reading anything from the "real" Registry key that is specified in the setting.
The existing contents in the "real" key will be hidden from the sandboxed program.
So a wild card there will hide everything that's in the "real" Registry.

The sandboxed program will still be able to write new values to the key, in the sandboxed registry file RegHive, and those entries are the only ones that the sandboxed program will see there.

So, to restate this: it can write to that key in the sandboxed Registry, and can then read what it has written there, but it cannot read any entries from the "real" Registry Key.
Nothing is needed if all that you want to do is to allow the sandboxed programs to write to the sandboxed Registry.