VMTech
+381 11 4150 20024/7 Discuss a project
← All Instagram insights VMTECH · INSTAGRAM

Sandbox for Codex on Windows: how we achieved security

Сандбокс для Codex на Windows: как мы добились безопасности

Friends, I’d like to share from the OpenAI ecosystem: I implemented a sandbox for Codex on Windows.

The gist: standard Windows tools (AppContainer, Windows Sandbox, MIC) were unsuitable. The initial unelevated prototype used synthetic SIDs, write-restricted tokens and a network-suppression environment — it worked, but network restrictions were unreliable and ACL changes were costly.

Solution: with a one-time admin install we create CodexSandboxOnline/Offline users, configure firewall rules and run commands via a separate runner with a limited token. This provides reliable network isolation and controllable write privileges.

Why it matters: Codex remains useful and safe in real-world workflows.

What trade-offs in a Windows sandbox do you consider acceptable?

#OpenAI #Codex #Windows #cybersecurity

Latest comments

No comments yet.