Infos und Anregungen zu "Im Ruhestand die Welt bereisen"

Kategorie: IT-New

My Windows 10/11 Setup

This post describes how I typically set up and configure my Windows machines.

[compatibility issues with Windows on ARM are marked red]
See Using the Windows Dev Kit 2023 ARM Mini-PC as Office Computer

I am slowly migrating to Windows 11, see Windows 11 ist (noch?) nix für mich.

For details on Windows features and configuration, see Paul Thurrot’s Windows field guides:
Windows 10 Field Guide
Windows 11 Field Guide

My typical Windows and apps layout:

  • Dark theme
  • Dark solid color background
  • Window borders in accent color (where supported by app)
  • My favorite Office commands in Quick Access toolbar above ribbon
  • Outlook HubBar disabled for more horizontal space
  • My most uses apps pinned to taskbar
  • Greenshot tray icon always visible
  • ‚This PC‘ pinned to desktop
  • Colored mouse pointer (here green)
My typical windows and apps layout
3 Clocks and my tray icons

Install Windows

[In case you are angry at Microsoft making it difficult to install Windows without using an MS account: One reason for this might be that on modern HW Windows by default encrypts the system partition with BitLocker. If one loses the BitLocker key, one will lose all data in case of problems where the key is needed. Thus, Windows automatically stores the BitLocker key in the MS account.]

Even though being German, I prefer English as display language because the UI texts are shorter, there are no translation errors and it is easier to search for help with English texts and error messages. Sadly MS and many app developers confuse display language with locale, often resulting in apps with German UI even though I intended English.

  • Windows display language: English
  • Region: German
  • Keyboard: German
  • Add German language via language settings for proofing tools

Set up a sign-in PIN. This is safer than always using your password.
In addition, I configure a fingerprint if the machine supports this.

Update Software to the newest version:

  • Force Windows updates
  • Force Windows Store apps updates
  • Install PC maker’s updates via their toll, e.g. via Lenovo Vantage

Configure a backup tool
I don’t use File History because it does not support Boxcryptor encrypted files. It looks like MS has deprecated File History (for OneDrive folder backup?).

  • Macrium Reflec
    I use Macrium to
    – backup system images (free) and
    – decrypted BoxCryptor files
    • Let Macrium create rescue boot enty
    • password protect backups!
  • On ARM Macrium does not run
    I use ‚Backup and Restore (Windows 7)‘
    which is still available in Windows 11 (under Control Panel).
    • protect backups using Bitlocker on the external drive
      • turn on BitLocker auto-unlock
      • the drive can easily be unlocked other machines by simply entering the password (the key is needed only if one forgets the password)

Create a first backup to make it easy to revert to this point.

  • Create Windows system restore point
  • Create System partition image backup using backup tool
  • Create a recovery drive.
    See Gute Elektronik und Zubehör for good USB-C/A Sticks.

Configure Windows

  • Dark mode for Windows and apps
  • Windows background: solid dark color
    I consider background images distracting noise.
  • Taskbar alignment left
    With a centered taskbar, pinned icons move when additional apps are opened. Left aligned looks nicer to me.
  • Show accent color on title bars and windows borders
    Without colored borders I find it hard to distinguish between layered windows when using dark mode. Sadly the colored borders settings is currently respected by MS Office and many older apps.
  • Additional clocks.
    Add two additional clocks via ‚Date & Time, Additional Clock‘.
    They will show in addition to the local time when pointing at the clock shown on the taskbar.
  • Show most used apps: on (Win11 only)
    Shows most used app at the top of All apps in the Start menu
  • Tighten admin security
    This improves security and only costs a few additional confirmation prompts.
    • User Account Control settings: ‚Always notify me‘
    • Choose where to get apps: ‚Anywhere, but warn me before installing an app that’s not from the Microsoft Store‘
  • Disable keyboard caps lock.
    I rarely need caps lock, but often hit it accidentally. This is easy to reverse.
    disable_caps_lock.zip
  • Make Mouse pointer easier to locate
    • Green color
      I use a different color for each machine to help distinguishing which machine I am on when remoting.
    • Enable ‚Show location of pointer when I press the CTRL key‘
  • If the File Explorer OneDrive context menu with „Share“ or „View online“ is missing: Change the User Account Control policies to allow OneDrive context menus. To cumbersome to configure. I use OneDrive online to share.
  • Enable Remote Desktop Connection (RDP) to new machine
    I find it helpful to be able to remote into all my machines, e.g. for scenarios when they are running without peripherals connected or when they are not reacting to mouse and keyboard. Beware! If you did not RDP into a machine for a long time, it might refuse accepting the correct credentials. I typically fix this by running an app as admin on the remote machine, e.g.
    runas /u:MicrosoftAccount\[my account] cmd.exe
  • Enable Nearby Sharing
    I currently don’t use this.
    For a good explanation of all Windows file sharing methods, see A quick survey of legacy sharing features
  • Bitlocker
    • Enable Bitlocker for all drives
      • On modern HW Bitlocker is automatically enabled for the system drive (without notifying the user) and the key is stored in the Windows account
      • If the backup tool does not support password protection: enable BitLocker for the removable backup drive too
    • Backup Bitlocker Keys to
      • Windows account
      • USB drive
      • and print a copy and store in bank safe
  • Import all EFS-Certificates
    I have lots from many machines. Some 10+ years old.
  • Storage Sense
    For Maybe change run ‚During low free disk space“ to monthly.
  • Enable Windows long paths
    To enable long file paths in Windows, open Registry Editor, create a new DWORD named „LongPathsEnabled“ in „HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\FileSystem“ and set the value to 1.
  • Turn on the Diagnostic Data Viewer under ‚Diagnostics & feedback“
    • Install the Diagnostic Data Viewer app from the Microsoft Store

File Explorer options

  • Compact view
  • Single-click to open an item
    I am quicker with single-click. One only has to master selecting multiple files with single-click enabled.
  • Deselect ‚Hide extensions of known file types‘

Install Apps

[ToDo: try using the winget installer. It seems to offer most of my apps]

Windows apps

  • MS Office apps
    • Outlook
      • Add all my email accounts
      • Set download from the past‘ to ‚all‘
        sometime one has to force OL to actually download all by navigating to the last email
      • Restore Outlook signatures
        Sadly signatures don’t sync automatically between installations.
        I simply store them in a .txt file because I need them in different email clients.
      • Configure secure email using an S/MIME certificate
        I gave up on email encryption because none of my contacts were interested, including businesses (as I still was working for a SW house) – how incredibly stupid!
    • Word
    • Exel
    • Powerpoint
  • Windows Mail
    • Add my Microsoft 365 email account only
      For mail and calendar Live Tiles
      As fallback in case Outlook hangs.
  • MS To Do
    • Connect to my Microsoft 365
      This automatically syncs Outlook tasks with To Do
  • OneDrive Personal and For Business
    For a good description of OneDrive features, see Get to know OneDrive in Windows 11
    • Configure OneDrive Folder Backup for Documents and Pictures.
      I don’t use it for Desktop because this always created a mess – I simply don’t understand how this is supposed to work over several machines.
    • Configure offline use.
      I select offline use for my desktop machines, and files on-demand for my mobile machines, marking some folders with ‚Always keep on this device‘. The 200GB local storage space required in my case does not bother me.
    • Sadly OneDrive for Business syncs quite slowly (the Personal version is quicker)- sometimes it takes several days to download my 170GB – which is especially annoying because during this phase required files don’t download on-demand.
    • OneDrive for business has annoying restrictions for path length and file and folder names. This stems from its underlying implementation (Sharepoint). I found out the hard way when migrating from OneDrive personal to business. This is totally unacceptable and MS should have changed their implementation long ago.
  • OneNote
    One of my favorite features of OneNote is that it automatically inserts a link to the source URL when pasting a snippet from the web.
    • Add from Windows store for auto updates
      Since Oct 2022 the store delivers the desktop version
      which is the version supported by MS in the future.
  • Skype
    In addition to the standard Skype functionality I have a Skype number (Skype Festnetz Telefonnummer) and use Skype to Phone (to cheaply call any phone number anywhere in the World) using Skype credit (no monthly plan).
    • Configure microphone and cam
  • Phone Link
    • Add new PC to the Android „Link to Windows“ app

  • Windows Sandbox
    • Enable the Sandbox Windows feature
      Is very slow on ARM.
    • I automatically install Brave via a .wsb config file using the RuckZuck installer. For more Sandbox config options see Start Windows Sandbox With Preinstalled Apps

MS Office settings. For apps Outlook, Excel, Word, PowerPoint, OneNote:

  • Show Quick Access toolbar above the Ribbon
  • Import my app-specific Quick Access toolbar icons
    Office Quick Access Toolbar Icons.zip
  • Outlook: disable the HubBar
    I often use Outlook on a monitor in portrait mode and HubBar needlessly wastes precious horizontal space. Set
    HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentEcs\Overrides\Microsoft.Office.Outlook.Hub.HubBar
    string to false
  • OneNote
    Beware! When opening notebooks, multiple versions may exists in different network locations. I always make a change on a machine which is currently in use to verify if this change propagates to the notebook opened on the new machine.
    • Force a backup

Other Apps (manual install)

  • Boxcryptor
    I consider zero-knowledge encryption of cloud data a must-have, see Thoughts and Experiments on Cloud Encryption and Datenschutz (Ende-zu-Ende Verschlüsselung, …)
    To include decrypted Boxcryptor files in Windows indexing ‚Enable Windows search‘ in Boxcryptor advanced settings and add the drive x: to Windows indexing.
    In Nov 2022 BoxCryptor was sold to Dropbox. I don’t know if and when Dropbox will offer good and safe E2EE encryption.
  • 1Password
    A password manager is a must.
    For 2FA is use the MS Authenticator Android app.
    Many common assumptions about good password are wrong.
    See Toward better Master Passwords.
  • Macrium Reflect
    to backup system images (free) and decrypted Boxcryptor files
    • password protect backups
    • on ARM systems (like the Windows Dev Kit)
      Macrium does not work. I fallback to ‚Backup and Restore (Windows 7)‘ for image backups, which is still available in Windows 11 (under Control Panel).
  • I don’t rely on Windows File History
    because it does not work with files under Boxcryptor
  • Portfolio Performance
  • Kindle app
    While reading is way better on a Kindle ePaper reader I prefer the PC app or cloud reader if I need to search a lot or jump around in books – as one typically does with technical books.
  • Oscar
    To analyze my sleep apnea data from my APAP machine
  • Adobe Acrobat XI Standard
    The license came with my iX500 Scanner
    To edit and sign PDFs with a signature image
    • Configure signature picture to sign PDFs
  • AusweisApp2
    For authentication with my German identity card.
    Works fine with the Android AusweisApp2 and a phone as ID card reader.
  • cyberjack RFID standard USB smart card driver and tools
  • Balsamic Mockups
    To design UIs
  • Markdown Monster
  • Veracypt ?
  • MS Powertoys
    I only use:
    • Awake to conveniently prevent the PC from shutting down
    • Image Resizer when I want to forward images
    • T (Win+Shift+T) Extractor to extract text from images
  • Sysinternals Suite
    There is an ARM version!
  • Private Internet Access (VPN)
  • Brother printer tools
  • Will never buy HP printers again because several time they stopped supporting new Windows versions.
  • Fujitsu iX500 Scanner driver and tools

Other Apps (Ninite install)

Ninite is very handy to install common apps and automatically keep them updated.
I am using this for years: reliable, minimal UI – highly recommended!
The initial Ninite install is free (without any registration). The Ninite Updater costs $10/y.
For alternative installers see Start Windows Sandbox With Preinstalled Apps.

  • Firefox
  • Chrome
  • Greenshot
    Is free and good.
    Always show tray icon on taskbar.
  • FileZilla
    Export / import its settings
  • Notepad++
  • VLC
  • 7-Zip
  • Dropbox ?

Web Browsers

  • Set Firefox as default web browser, configured for research
    see Recherchieren – Warum, Wie und Womit
  • Brave as fallback option
  • Edge is installed by default
  • Set preferred language for search results for each search engine, e.g.
    on https://www.google.com/preferences
My Firefox customizations with website in reading mode

Clean Windows

For minimal Windows VMs I sometimes use the Debloat Windows PowerShell scripts by Chris Titus.

Uninstall unwanted Apps.
Windows 11 is less stubborn here and lets you uninstall more unwanted stuff.

Remove unwanted shortcuts.

Disable unwanted Windows startup entries

Create App Shortcuts

Pin frequently used apps to taskbar

Add frequently used web sites to desktop

Final Backup

Create ‚config completed‘ backups to make it easy to revert to this point.

  • Create Windows system restore point
  • Create System partition image backup using backup tool

Store the Windows product key in 1Password
Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform\BackupProductKeyDefault

Windows 10 vs. Windows 11

With Win11 I miss Win10 Live Tiles. Was using a full start screen with large Live Tiles for Mail, Calendar, 5 MS Weather tiles for different locations I like to travel to, 3 MS To Do lists and 3 MS Money medium tiles for funds and currencies I am interested in. I don’t get the rationale behind those Win11 widgets: no full screen, no multiple instances and these horrible clickbait news stories which you cannot get configured away, however hard you try (I know one can hide the news widget completely)?!

I like the new windows snap layouts in Windows 11:

Using the Windows Dev Kit 2023 ARM Mini-PC as Office Computer

This post describes my experience using the Windows Dev Kit 2023 ARM Mini PC as my office computer. This is not the usage scenario intended by MS, but I wanted to see how the little ARM machine fares as an office PC before working with it on my app development.

[compatibility issues are marked red]

Microsoft Learn: A video with details and some specification info

Main specs:

Arm-native dev tools:

  • IDEs
    • VS Code (Available now)
    • Visual Studio 2022 (now in preview, will be available by end of year 2022)
  • Tools
    • WinDBG
    • Git
  • Libraries
    • VC++ Runtime Libraries (Now in preview)
    • Many OSS libraries are and will be ported to natively target Arm64
  • Runtimes & Frameworks
    • .NET 6 (Available now)
    • .NET 7 (Now in preview, will be available by end of year 2022)
    • OpenJDK Java (Available now)
    • Python, Node JS (Porting underway)
    • CLANG/LLVM, GCC (Porting underway)
  • Cloud services
    • Azure Arm VMs (Available now)
    • Stand-alone Runner Agent (Details coming late summer 2022)
    • GitHub & Azure DevOps cloud hosted CI/CD (Details to follow)

More Info:

Image source: Jeff Geerling Testing Microsoft’s Windows Dev Kit 2023

The Dev Kit PC comes with a 2 year warranty. For hardware or warranty support you can create a support request on the Support for business services hub page.

You can order a replacement for a defective device via your MS account under Devices.

My setup experience

I bought my Dev Kit PC in the German MS Store. It was delivered within two days.
When ordering, one must accept a no refund policy. I doubt this is legally binding with German online shopping consumer rights, but one should expect difficulties, when trying to return the machine.

The Dev Kit PC comes without any user manual. There is only a leaflet describing the buttons and ports – with a link for more detailed information:
Microsoft Learn: aka.ms/arm-dev-kit-tools. This is totally sufficient for me.

Windows 11 Pro and Office Apps are preinstalled.

The display on my monitor was garbled when connected via a mini DP to DP cable, but readable enough to go through the Windows configuration. I later switched to a passive mini-DP to HDMI(*) cable. Windows setup might also work with a monitor connected via USB-C, but it will take about 25s before anything is visible.

Completing the basic Windows setup was quick and easy. For my complete typical Windows setup, see My Windows 10/11 Setup.

To be able to reset the PC completely I stored a copy of the Windows serial number, see ‚System, about‘. If needed, a Windows recovery image for the Dev Kit PC can be obtained here: https://support.microsoft.com/en-us/surface-recovery-image. Don’t select a product. Only enter the Windows serial number.

Here my office workplace with the Dev Kit ARM Mini-PC in the back, standing upright in the back – I hope this positioning does not cause thermal problems:

My current home office setup with the Windows Dev Kit ARM Mini-PC

The incredible amount of cables I removed when switching to the Dev Kit PC unplugging my old tower PC – only connecting to it via RDP now:

Cables removed at my work desk 🙂
Dual monitor setup on MS Site
Setup from a video by Windows Central using the beautiful Huawei MateView 28″ 3:2 Monitor(*)

Compatibility

Boxcryptor(*) works fine. This is a pleasant surprise, as I consider zero-knowledge encryption of cloud data a must-have, see Thoughts and Experiments on Cloud Encryption and Datenschutz (Ende-zu-Ende Verschlüsselung, …). Boxcryptor installed and configured without any hitches. Even Windows indexing of the (decrypted) x: drive works – after setting ‚Enable Windows search‘ in Boxcryptor advanced settings and adding x: to Windows indexing. In Nov 2022 BoxCryptor was sold to Dropbox. I don’t know if and when Dropbox will offer good and safe E2EE encryption.

My Brother HL L2340DW printer(*) was detected via WiFi and works without installing any drivers – albeit printing is very slow.

The Logitech X300 wireless speaker(*) and my old Microsoft LifeCam Cinema(*), including their microphones, work fine without installing any drivers.

The external Thinkpad keyboard(*) and MS compact mouse(*) work fine. They are connected to the USB-Hub of the Samsung Monitor. I use a Thinkpad keyboard to make switching between my desktop and Thinkpad notebook easier.

The simple and cheap Inateck USB C 7-port Hub(*) works fine.

Firefox, my preferred web browser for researching stuff (see Recherchieren – Warum, Wie und Womit), works fine with the newest updates after some initial hiccups. All my FF add-ons work fine too.

Windows Sandbox works. But web browsing is barely quick enough – slower than in Sandbox on my 12J old i7 desktop PC. Developers need VMs for testing and I assume the Dev Kit PC is too slow for running developer or test VMs. One will have to stack some Dev Kit PCs, use other machines or Azure instances – which is OK for me. [After some Windows updates and letting Windows run for a couple of days to let it ’settle in‘ the Sandbox performance is OK].

Casting audio and video to my Google Home devices including my Panasonic TV works fine using the Chrome Browser.

Portfolio Performance works fine. This is a Java app!

AusweisApp2 (App to authenticate using the German identity card) works fine.

cyberjack RFID standard USB smart card reader works fine after installing its ARM drivers.

Sysinternals Suite seems to work fine. There is an ARM version! Did not try all tools.

Macrium Reflect refuses to install with an ARM CPU. As a workaround I use ‚Backup and Restore (Windows 7)‘ for image backups, which is still available in Windows 11 (under Control Panel).

My preferred VPN Private Internet Access does not support Windows on ARM. For my desktop PC this is not so important.

Could not get my ScanSnap iX500(*) Scanner to work with Windows 11 ARM. The SW does install fine, but does not recognize the scanner via USB or WiFi. Sadly it also does not work with Hamrick’s VueScan . As a workaround I configured a WiFi connection to the Scanner with an Intel machine and use it with the ScanSnap Android app on my Pixel phone of with my Intel notebook.

I assume that most utilities and drivers for Scanner and (multi-function) printers that implement configuration options and features will not work until the makers supply ARM drivers.

Problems

Printing to my Brother HL L2340DW(*) is very slow – there is a long pause before pages. On Win10 Intel it prints fast without pauses between pages. The ‚Start printing immediately‘ setting is not the problem, as I use this on all my installations. Win11 ARM currently supports this printer only via WiFi not via USB.

My Monitors do not work properly when connected via a mini DP to DP cable. The Samsung S27A850D display is garbled. The Dell U2410 frequently turns on and off. Tried with four different mini DP to DP cables. This passive mini-DP to HDMI(*) cable and this active mini DP to HDMI adapter(*) work, and can be used to keep one USB-C port free. With the cable my monitor sometimes goes black, but wakes up when mousing to it. With the active Adapter the monitor sometimes goes black which can only be fixed by rebooting the PC. Somewhere I read the Dev Kit PC mini DP is an embedded DisplayPort(eDP) to Mini DisplayPort – which might be related to the problem.

Garbled display when monitor connected via mini DP

The Dev Kit PC sporadically looses the WiFi connection to my Brother printer. Solved: This was not a connection problem. Somehow the paper size in Windows printer settings was set to letter instead of A4, even though in Windows setup I selected Germany as locale.

I did not find a good solution for scanning. Simply using MS Lens on my phone is not a good option, because I like the multi-page scanning and quality of the iX500. Currently I use the ScanSnap app on my Pixel phone.

Firefox crashes frequently. I assume this will get this fixed quickly.
Fixed with FF version 106.0.3, installed on Oct. 31.2022.

The Dev Kit PC does not charge via USB-C.

The Windows Reliability History shows several Hardware errors. The event log shows display driver resets at these time, which I experienced as Windows hiccups. Changing ports and cables did not help. Here the reliability monitor status of my current machines:

I had one File Explorer crash.

Wishes

USB-C charging, Thunderbolt 4 ports. For the reasoning behind using standard USB-C ports see Microsoft Surface Pro 9 (5G) review: An Arm tablet actually worth buying.

Status feedback via LED blinking when booting the Dev Kit PC: After pressing the power button the white LED turns on and then there is no additional feedback until the Windows Start screen shows. Especially with monitor problems one does not know what is going on.

MS should document the mini DP special cabling requirements.
They do now!

Résumé

For me personally, the Dev Kit Mini-PC currently is the perfect office desktop PC, especially from a value for money perspective. It just came at the right time, as I am currently downsizing to a more minimalistic lifestyle: smaller apartment, less and simpler hardware and less and simpler travel gear. However, I cannot generally recommend it for office use because of the questionable future of Windows on ARM (considering the developments by AMD and Intel). My past assumptions about the success of technologies were often totally wrong – even in SW development, my field of expertise. E.g. I did bet on the Windows Phone and UWP and many years ago on the BiiN fault tolerant computer, jointly developed by Intel and Siemens.

The Dev Kit Mini-PC is surprisingly small – which I really like. The performance is totally sufficient for all my office tasks. I never play games or do video editing, thus I know nothing about performance and app compatibility in these areas.

Firefox crashes disappeared with a FF update. Besides one File Explorer crash and sporadic display driver resets I did not experience any Windows or app hiccups – no stutters, no hangs and not a single blue screen yet (despite many config experiments). Inadvertently disconnecting power several times while the PC was running did not cause any problems. Only Windows Sandbox virtualization is borderline slow.

Depending on your needs, missing drivers for peripherals like printers or scanners may be a problem.

This is the quietest PC (Desktop or Notebook) I ever had. The fan usually does not run at all and when it runs, there is just a little low-frequency hum – not the high-frequency hissing noise of notebooks. I assume the fan only exists to prevent throttling. I did not experience any coil whine.

[ *) This post contains affiliate links]

Start Windows Sandbox with Preinstalled Apps

Windows Sandbox is a standard Windows feature, providing a lightweight desktop environment (Windows virtual machine) to safely run applications in isolation. In a Sandbox you can safely test apps or browse „unsafe“ websites. In contrast to „normal“ VMs Sandbox starts quickly, e.g starting Sandbox and installing Firefox takes less than 30 sec on my notebook.

Windows Sandbox comes preinstalled with Windows. One must only manually enable it via „Turn Windows Features on or off“.

One of the main features of Windows Sandbox is that it erases all state when closing. While this ensures not leaving any traces on your host machine, I find it cumbersome having to install commonly used apps every time I start a Sandbox.

To automatically install apps when starting Sandbox, I use the <LogonCommand> of a Windows Sandbox configuration file to run installers at Sandbox startup.

[ToDo: Experiment with the winget installer]

Using Ninite Installer

The free Ninite installer is the fastest installer option and provides unobstrusive status info with a Sandbox LogonCommand and :

[BTW, I am using the paid Ninite Updater on my Windows machines to keep apps automatically updated. I especially like its minimalistic UX and installing most of my apps on a new machine with a single command.]

  1. Select the apps you want on the Ninite website
  2. Download the configured installer
  3. Make the installer available in Sandbox
    1. Set <HostFolder> to the folder containing the installer
    2. <SandboxFolder> defaults to Desktop!
  4. Set the installer to run via <LogonCommand>
  5. Simply run the .wsb file to start Sanbox and install your apps
Apps offered by Ninite

The following .wsb file starts Sandbox and automatically installs Firefox and 7-ZIP via Ninite. It gives the Sandbox 6GB RAM too.

<Configuration>
  <MappedFolders>
    <MappedFolder>
      <HostFolder>C:\Tools\SandboxConfig</HostFolder>
      <SandboxFolder></SandboxFolder>
      <ReadOnly>true</ReadOnly>
    </MappedFolder>
  </MappedFolders>
  <LogonCommand>  
		<Command>"C:\users\WDAGUtilityAccount\Desktop\SandboxConfig\Ninite 7Zip Firefox Installer.exe"</Command>
  </LogonCommand>
  <MemoryInMB>6144</MemoryInMB>
</Configuration>

Ninite status info while installing apps in Windows Sandbox

Using RuckZuck Installer

If Ninite does not offer the apps you need, the RuckZuck installer might do, see the RuckZuck app catalog.

The following .wsb LogonCommand uses RZGet to install Brave and 7-Zip:

 <Command>C:\users\WDAGUtilityAccount\Desktop\SandboxConfig\RZGet.exe install /verbose "Brave" "7-Zip"</Command>

Using Chocolatkey Installer and PowerShell Script

If you need more install features or more control, you can run Chocolatkey via a PowerShell script as LogonCommand.
Doing More with Windows Sandbox describes a complex Sandbox configuration using PowerShell.
To install Chocolatkey via Powershell use:

Set-ExecutionPolicy Bypass -Scope Process -Force
[System.Net.ServicePointManager]::SecurityProtocol = [System.Net.ServicePointManager]::SecurityProtocol -bor 3072
iex ((New-Object System.Net.WebClient).DownloadString('https://community.chocolatey.org/install.ps1'))

By default Windows Sandbox does not allow PowerShell scripts to run. My scripts do not disable this restriction generally, they only bypass it for their execution.

To force showing the PowerShell output of the Sandbox LogonCommand I start a PowerShell from within PowerShell [found no cleaner solution].

.wsb file starting a PowerShell script:

<Configuration>
  <MappedFolders>
    <MappedFolder>
      <HostFolder>C:\Tools\SandboxConfig</HostFolder>
      <SandboxFolder></SandboxFolder>
      <ReadOnly>false</ReadOnly>
    </MappedFolder>
  </MappedFolders>
  <LogonCommand>    
		<Command>powershell -executionpolicy bypass -command "start powershell {-noexit -file C:\Users\WDAGUtilityAccount\Desktop\SandboxConfig\InstallChocoAndApps.ps1}"</Command>
  </LogonCommand>
  <MemoryInMB>6144</MemoryInMB>
</Configuration>

PowerShell script installing Chocolatkey and apps:

Set-ExecutionPolicy Bypass -Scope Process -Force

$ElapsedTime = [System.Diagnostics.Stopwatch]::StartNew()

[System.Net.ServicePointManager]::SecurityProtocol = [System.Net.ServicePointManager]::SecurityProtocol -bor 3072
iex ((New-Object System.Net.WebClient).DownloadString('https://community.chocolatey.org/install.ps1'))

choco feature enable -n=allowGlobalConfirmation

choco install brave
choco install firefox 
choco install 7zip 

Write-Host "Elapsed Time: $($ElapsedTime.Elapsed.ToString())"

Exit
WordPress Cookie Hinweis von Real Cookie Banner