Michael asked the following question about sandboxing a virtual machine. I thought it might be of general interest, so I decided to post the answer, which Ben Armstrong, our resident Virtual PC guru, has provided (http://blogs.msdn.com/Virtual_PC_Guy).
Question: I’d like to use a virtual machine as a sandbox which permits the user to do “ugly” things in IE without damaging the host OS. Therefore, it is my interest to block any means of communication between host and guest, including drag and drop, network access, etc.
1. Do you consider Virtual PC appropriate for this?
2. How can I disable drag and drop?
3. How can I disable guest access to the host without limiting Internet access?
Answer (thanks Ben!): Yes – Virtual PC 2004 would be appropriate for this. To disable the integration features under a Windows 2000 or Windows XP virtual machine, you just need to disable the ‘Virtual Machine Additions Services Application’ and ‘Virtual Machine Additions Shared Folder Service’ services in the guest OS. To disable host access – but leave Internet access in place – use Shared Networking.
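
The two service changes from the answer, as a batch script to run inside the guest as an administrator (an added example, not part of the original post or Ben Armstrong's answer). It assumes sc.exe is available in the guest and looks the services up by the display names quoted above, so no internal service names are assumed.

```batch
@echo off
rem Added example: run inside the guest OS with administrator rights.
rem Assumption: sc.exe is available in the guest.
setlocal
set FAILED=0
call :disable "Virtual Machine Additions Services Application"
call :disable "Virtual Machine Additions Shared Folder Service"
if %FAILED%==0 (echo Both integration services are disabled.) else (echo One or more services could not be disabled.)
endlocal & exit /b %FAILED%

:disable
rem Resolve the service key name from the display name given in the answer.
set KEY=
for /f "tokens=3" %%K in ('sc getkeyname %1 ^| find "Name ="') do set KEY=%%K
if not defined KEY (
    echo Service not found: %~1
    set FAILED=1
    goto :eof
)
rem Stop the running instance, then keep it from starting at the next boot.
sc stop %KEY% >nul 2>&1
sc config %KEY% start= disabled >nul
if errorlevel 1 set FAILED=1
rem Read the configuration back to confirm the start type really changed.
sc qc %KEY% | find "DISABLED" >nul
if errorlevel 1 (
    echo Still enabled: %~1 [%KEY%]
    set FAILED=1
) else (
    echo Disabled: %~1 [%KEY%]
)
goto :eof
```

The script exits non-zero if either service is missing or still enabled, so it can be rerun after a guest update or an Additions reinstall to check that the integration features have not been switched back on.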