From 792731fa5265825a6dcf1ad7fe99a062fb87c0f0 Mon Sep 17 00:00:00 2001
From: Michael Nady <michael.nady@gmail.com>
Date: Thu, 23 Jun 2022 13:41:12 +0200
Subject: [PATCH] #10456

#10456 wants to clarify the level of the logon command account, and assumed it must be an Administrator, so I added this info.
---
 .../windows-sandbox/windows-sandbox-configure-using-wsb-file.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/security/threat-protection/windows-sandbox/windows-sandbox-configure-using-wsb-file.md b/windows/security/threat-protection/windows-sandbox/windows-sandbox-configure-using-wsb-file.md
index 94adc3d7c8..d7fd288b24 100644
--- a/windows/security/threat-protection/windows-sandbox/windows-sandbox-configure-using-wsb-file.md
+++ b/windows/security/threat-protection/windows-sandbox/windows-sandbox-configure-using-wsb-file.md
@@ -112,7 +112,7 @@ An array of folders, each representing a location on the host machine that will
 
 ### Logon command
 
-Specifies a single command that will be invoked automatically after the sandbox logs on. Apps in the sandbox are run under the container user account.
+Specifies a single command that will be invoked automatically after the sandbox logs on. Apps in the sandbox are run under the container user account. The container user account should be an Administrator.
 
 ```xml
 <LogonCommand>