Allowing Sandboxed Program Access to SQL Server

[NMEVA]

I have a program that I need to run sandboxed so it cannot write its entries to the registry, program data etc, however this program creates and utilizes SQL Databases. I have an SQL Instance installed and setup that I need my program to be able to communicate with so it can use the database files it has, but still keep the rest of the program sandboxed.

I tried setting the Resource Access Direct Access as well as Full Access options to include C:\ProgramFiles(x86)\Microsoft SQL Server\, but it still seems to be failing to communicate with the SQL Instance. I tried searching the forums but didn't find anything that seemed applicable. Can anyone shed some light on this?

[Guest10]

Communicating with an unsandboxed program typically involves things like IPC Access and Window Access settings along with Direct or Full Access for folders or files, so allowing just Direct or Full Access to folders and files won't do it.

These resources are usually identified by using the Resource Access Monitor, but there's still guesswork involved in trying to identify which resources to allow in the settings.

[tzuk]

Maybe you could set up an ODBC connection to the SQL server and have the connection go through TCP/IP. Just an idea.

[NMEVA]

Is it possible to setup a sandbox to allow all connections, then explicitly block Program Data, Program Files, and registry entries?

[tzuk]

Not really. One more thing you can try is to enable Sandbox Settings > Applications > Accessibility > Screen Readers. This weakens the boundary of the sandbox and might get the SQL connections working. That is if the SQL connections run through COM.