Appearance
Files Troubleshooting
Diagnose issues related to the Files tab, shared storage, imports, and opening files.
Files Tab Not Available or Shows Error
Problem
- The Files tab is not available or shows an error (for example, “File storage is not configured”).
Solutions
- Ensure the Sandbox Manager service is running and versions are compatible with the Launcher.
- Verify the policy defines at least one Storage Context at
configuration.launch.runtime.files.contexts. - Click the Retry button after fixing the configuration.
- Check launcher logs for connection errors.
Related
Files Not Importing
Problem
- Drag‑and‑drop file import fails or shows errors.
Solutions
- Check available disk space on the target drive.
- Verify write permissions to the sandbox storage location.
- Review error details in the import dialog; try importing a single small file to isolate.
- Ensure file operation policies allow
importfor the file extension (no explicit deny).
Related
Cannot Open Files
Problem
- Clicking files does not open them or shows an error.
Solutions
- Ensure an application policy includes a relevant file association or a centralized
fileHandlersrule exists for the extension/verb. - Verify the handler application is installed and discoverable via Start Menu/Desktop shortcut scan.
- Confirm the application policy’s
matchAll/matchAnyrules can resolve the executable (path/name and, if present, high‑assurance matchers). - Ensure file operation policies allow
open(no explicit deny for the extension).
Related
- File Handling — centralized handlers, associations, policies
- Authorization & Visibility
- Policy — Discovery scope
Import Progress and Errors
Notes
- Large imports show a progress dialog (overall progress, current file, estimated remaining, cancel).
- On failure, review the filename, error message, and details; choose Try Again, Skip, or Cancel.
Secure Storage Posture Failures
Problem
- The Files tab or launches are blocked with errors indicating insecure or unsupported storage posture (examples: “storage path rejected: not NTFS”, “UNC path rejected”, “removable media encryption required”, “ACL too permissive”, “source not in allowlist”, “BitLocker/EFS not detected”, “path not found”).
Solutions
- Not NTFS (FAT/exFAT or other FS)
- Move the storage to an NTFS volume.
- Reconfigure
configuration.launch.runtime.files.contexts[].sourceto point to the NTFS path. - See: Secure Sandbox Storage — Security requirements and best practices
- UNC or network path
- Use a local NTFS path; UNC/network paths are not supported for Secure Sandbox storage.
- Update policy to a local path (e.g., D:\TurboSandbox\Shared).
- Removable media encryption required
- Enable BitLocker (or hardware encryption) on the device and unlock before use.
- Ensure policy sets
runtime.devices.removableMedia.encryptionRequired: trueand the device is included inallowedDevices. - See: Secure Sandbox Storage — Removable media (enforced encryption and allowlists)
- Storage ACL too permissive
- Harden NTFS ACLs at the storage root:
- Allow: SYSTEM, the launcher user/service identity (and optionally Administrators).
- Remove write access for broad principals (Everyone, Authenticated Users, Users).
- Disable inheritance at the root and propagate explicit ACEs.
- See: Secure Sandbox Storage — Security requirements and best practices
- Harden NTFS ACLs at the storage root:
- Source not in enterprise allowlist
- Adjust enterprise templates (
allowedSourcePatterns) to include the intended path or choose an allowed path that matches the template. - Verify environment variables expand into an allowed, local NTFS path.
- See: Configuration Templates
- Adjust enterprise templates (
- BitLocker or EFS not detected (when required)
- For fixed disks, enable BitLocker volume protection.
- For per‑directory encryption, enable EFS on the folder and ensure the current user has the EFS key.
- Re‑run posture validation after enabling encryption.
- Drive letter changed; path not found
- Prefer Volume GUID paths to avoid drive‑letter churn (e.g.,
\\?\Volume{GUID}\TurboSandbox\Shared). - Update environment variables (if used) to the correct path.
- See: Secure Sandbox Storage — Volume GUID paths (stable identifiers)
- Prefer Volume GUID paths to avoid drive‑letter churn (e.g.,
- Variable resolution issues
- Ensure required environment variables are defined and resolve at validation time (e.g.,
%TURBO_SECURE_STORAGE%). - Avoid credentials variables for paths; use ENV for path roots.
- Ensure required environment variables are defined and resolve at validation time (e.g.,
- Policy changes not picked up
- Click Retry in the Files tab after updating configuration or restart the Launcher/Sandbox Service.
Related
- Secure Sandbox Storage
- Runtime Configuration — Security & Placement
- Device‑level Settings
- Configuration Templates
Storage Context Visibility Issues
Context Not Available
- The Context picker shows a context as unavailable, or it is hidden entirely after a policy update.
Solutions
- Confirm the context passes security posture checks (NTFS, encryption, ACLs, allowlists). See: Secure Sandbox Storage.
- Check context visibility conditions in policy:
visibility.abacrequirements may not be satisfied for the current user/session.visibility.osmight exclude the current operating system.
- Ensure the
sourcepath exists and is accessible; create or mount the path as required. - Review enterprise template allowlists (
allowedSourcePatterns). - Check Launcher logs for validation details.
Some Contexts Are Missing
- Expected contexts do not appear in the picker.
Solutions
- Verify each item under
configuration.launch.runtime.files.contextshas a uniqueidand valid shape (label,source,destination,options). - Ensure
configuration.launch.runtime.files.defaultContextId(if set) matches one of the defined context ids. - Confirm policy delivery succeeded and press Retry in the Files tab.
- Review visibility conditions and posture validation as above.
Refresh
- The file list updates automatically every 30 seconds.
- Press F5 to refresh manually.
