Key features (full list)
	allow jailing all drives
	set up different jail zone templates for different users
	set up different zail zone templates for different groups
	serve any existing user or group credentials from domains
	support copy on demand feature

	Buy WinJail now
	1 year support of all present features free updates and bug fixes no limitations by processor

	Download trial (2,2 MB)
	$0 limited support limited functionality when trial period expires

WinJail Quick HowTo

Back to Index

WinJail was designed for anyone who knows basic principles of jail / chroot technology, e.g. for system administrators.

The most simplest use case is based to complete isolation of certain application, by making the following steps:

Prepare jailed environment.
Configure WinJail

Prepare jailed environment

To do this, you need to copy all files necessary for your application to separate folder (it will be virtual root for your application).

Example: you have Internet Explorer.

So, which folders you really need to copy?

system (C:\WINDOWS with all sub-folders)
Installation (Program Files\Common Files, Program Files\Internet Explorer)
Profile (\Users\ or \Documents and Settings\)

Once you did this, you ready to configure WinJail to use newly created folders for IE.

Configure WinJail

To do this, you need to specify the following rules:

C:\WINDOWS\* -> \WINDOWS, for your account, and Internet Explorer (IEXPLORE.EXE)
C:\Program Files\* -> \Program Files, for your account, and Internet Explorer (IEXPLORE.EXE)
C:\Users\\* -> \Profile, for your account, and Internet Explorer (IEXPLORE.EXE)
C:\* -> read-only, for your account, and Internet Explorer (IEXPLORE.EXE)

Now, you need to apply these changes for WinJail (through WinJail UI, or by chroot command line tool).

So, all further startups of IEXPLORE.EXE (e.g. Internet Explorer) will be jailed automatically.

Other configuration options

Of course, you can simply use other possibilities - like hidden folders. For example by adding the following rule to your case

D:\* -> hidden, for your account, and Internet Explorer (IEXPLORE.EXE)

you'll disables any possibility for Internet Explorer to even see disk D: when it jailed.

For such system folders, like WINDOWS, in case user do not need to work with it, you can use technique named "copy on write" already incorporated with WinJail. It is useful for WINDOWS folder to not let you copy dozen of gigabytes for every jailed space.

For user data it can't be used, but for system files it works. So, you can use appropriate flags when defining a rules for C:\WINDOWS\* and C:\Program Files\* source folders, it will create files and folders in jail only if it will be touched or created and on the fly. All you need - to make destination folders and you can copy nothing here initially.

If file is not added/changed, for rule with copy on write option, the original files are being used.

Important note about masks

Important note: the source masks

C:\WINDOWS
C:\WINDOWS\*.*
C:\WINDOWS\*

are totally different, so be careful while defining rules.

C:\WINDOWS means this folder exactly. For rule it has no any sense except specific cases and alone file to be managed.

C:\WINDOWS\*.* means only files directly placed in windows folder and only if files has non-empty extensions.

C:\WINDOWS\* (what you really need) means all sub-fo;lders and sub-files in folder.

In the same manner, C:\* means whole disk, and asterisk (not recommended to use) means all files form everywhere, including removable devices, network, replication points, and more.

Back to Index

Home - Technologies - WinQuota - WinArmor - WinJail - Site Map - Services - Support