Sandbox Level in various browsers and operating systems

@wat0114 Thanks so much. I figured it out after the fact, but having his reg file is nice.

I just took out the DNS entries for myself and used it.

 

You're welcome. It was kees1958 in another forum and @Sampei Nihira who helped guide me in adding these registry entries for AppContainer enforcement in Edge

 

Any idea how to change these features for Non-Edge Chromium browsers? I tried to set similar registry keys for Brave but it didn't work. On the brave://sandbox page, beneath the processes list, there is a list of features:

I thought maybe those names can be found as flags under brave://flags, but they're not.

Btw, when searching for the NetworkServiceSandbox, I discovered it will be enabled by default in Chrome 104, so probably also for other Chromium based browsers.

 

https://docs.google.com/document/d/1Bk3Z8CUQucd8FP6ISKkT3Q9YYuP43574VIO_kyAISBU/view

 

Ah yes those commandline switches work, thank you! RendererAppContainer crashes my browser extensions and no site will load. GpuAppContainer and NetworkServiceSandbox work though. (note that NetworkServiceSandbox is AppContainer by default when enabled).
If you want to enable multiple features, make sure you add them together. Adding them seperately like

Code:

--enable-features=NetworkServiceSandbox --enable-features=GpuAppContainer

will only enable 1 of them.

Code:

--enable-features=NetworkServiceSandbox,GpuAppContainer

works though.

 

I added NetworkServiceCodeIntegrity to add code integrity to the NetworkServiceSandbox. Still working fine so far.

 

This policy is enabled (though not set) by default in Edge.
So it can only be turned off.