A first look at Windows Sandbox
Windows Sandbox is a new virtualization feature that Microsoft will integrate in Windows 10. Windows Sandbox allows users and administrators to run software in a sandbox so that it cannot harm the underlying system.
Sandboxing is not a new concept, but in the past users had to resort to installing third-party solutions like Sandboxie or virtual machines such as VMware or VirtualBox to run software in a protected environment.
Windows Sandbox will be part of Windows 10 Pro and Enterprise; everything is included in the operating system making it a comfortable and elegant solution.
The environment works as expected: it is an "isolated, temporary, desktop environment" that protects the underlying host from harm and will vanish when it is closed.
Windows Sandbox requirements
Windows Sandbox has the following prerequisites:
- Windows 10 Pro or Windows 10 Enterprise build 18305 or later.
- AMD64 architecture.
- At least 4 Gigabytes of RAM, 1 Gigabyte of free disk space, and 2 CPU cores (recommended 8 Gigabytes or more of RAM, SSD, and 4 cores with hyperthreading).
- Virtualization enabled in the BIOS.
- If you use a virtual machine, you need to run the PowerShell cmdlet: Set-VMProcessor -VMName <VMName> -ExposeVirtualizationExtensions $true
Microsoft notes that all privacy settings but the host diagnostic data setting are set to their default values in the sandboxed environment.
How to enable Windows Sandbox
Provided that the system meets the requirements listed above, you may enable Windows Sandbox in the Windows Features dialog.
- Use the shortcut Windows-Pause to open the System Control Panel applet.
- Select Control Panel Home.
- Activate Programs.
- Select Turn Windows features on or off.
- Check Windows Sandbox.
- Click OK and follow the instructions.
You may also enable the feature using the Settings application:
- Use the shortcut Windows-I to open the Settings application.
- Go to Apps > Apps & Features > Programs and Features > Turn Windows Features on or off.
- Select Enable Windows Sandbox.
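The prerequisites and the enable step above can also be scripted. The following PowerShell is an added example, not part of the original article or Microsoft's documentation; it assumes the optional feature name Containers-DisposableClientVM (not mentioned in the article) and an elevated session for the enable step.

```powershell
# Added example: checks the prerequisites listed in this article on the local machine.
function Test-SandboxPrerequisite {
    $os   = Get-CimInstance Win32_OperatingSystem
    $cs   = Get-CimInstance Win32_ComputerSystem
    $cpu  = @(Get-CimInstance Win32_Processor)
    $disk = Get-CimInstance Win32_LogicalDisk -Filter "DeviceID='$($env:SystemDrive)'"

    $cores = ($cpu | Measure-Object NumberOfCores -Sum).Sum
    # With a hypervisor already running, VirtualizationFirmwareEnabled can
    # report False, so accept either signal as "virtualization is available".
    $virt = $cs.HypervisorPresent -or ($cpu[0].VirtualizationFirmwareEnabled -eq $true)

    $checks = [ordered]@{
        'Build 18305 or later'      = [int]$os.BuildNumber -ge 18305
        'Pro or Enterprise edition' = $os.Caption -match 'Pro|Enterprise'
        'AMD64 architecture'        = $cpu[0].Architecture -eq 9      # 9 = x64
        'At least 4 GB RAM'         = [math]::Round($cs.TotalPhysicalMemory / 1GB) -ge 4
        'At least 1 GB free disk'   = $disk.FreeSpace -ge 1GB
        'At least 2 CPU cores'      = $cores -ge 2
        'Virtualization enabled'    = [bool]$virt
    }
    foreach ($name in $checks.Keys) {
        [pscustomobject]@{ Requirement = $name; Met = $checks[$name] }
    }
}

$results = Test-SandboxPrerequisite
$results | Format-Table -AutoSize

if ($results.Met -contains $false) {
    Write-Warning 'One or more prerequisites are not met; Windows Sandbox was not enabled.'
} else {
    # Requires an elevated session; a restart is needed to finish the installation.
    Enable-WindowsOptionalFeature -Online -FeatureName 'Containers-DisposableClientVM' -All -NoRestart
}
```

The feature is only turned on when every check passes, so a failed requirement shows up in the table instead of as an installation error.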
Using Windows Sandbox
Once installed, use the Start menu to load Windows Sandbox. You can search for it. Note that it requires elevation; you can right-click on the file and select run as administrator to run it with elevated privileges.
Copy an executable file -- or any other file for that matter -- and paste it into the Windows Sandbox window. You may then run it like you would do on the "real" desktop and interact with the software like you would do normally.
You may close the Windows Sandbox window at any time to close the session. Any changes are discarded and sandbox content is deleted in the process.
Microsoft notes that Windows Sandbox uses Windows Containers to provide the sandboxing functionality. While Windows Containers were "designed to run in the cloud", Microsoft's team integrated it with Windows 10 and modified it so that it would work fine on laptop and desktop devices running the operating system.
Windows Sandbox uses the loaded Windows version as the operating system image; this is different from many other virtualization environments which require virtual images that users need to download and install in the machines.
The implementation has several known issues in its current state:
- Will trigger "significant CPU and disk activity" on install and in the first minute of servicing.
- Start Menu is delayed and some Start menu apps won't execute.
- Time zone is not synced between Windows Sandbox and host.
- Windows Sandbox does not support installers that require reboots.
- Microsoft Store is not supported.
- High DPI displays and multi-monitor configurations are not supported very well.
Windows Sandbox offers several interesting use cases; it may replace other virtualization solutions in some cases:
- Run software that you want to check out so that it can't harm the underlying operating system or steal data.
- Execute software in the environment for privacy purposes (e.g. not wanting history records or traces in the temp folder).
- Run any other file in the sandbox.
While you can install programs in the sandbox, you cannot use it to test or analyze software that requires a reboot of the system before it can be used.
Microsoft has not integrated the feature yet in any version of Windows 10. The company plans to integrate it in upcoming Insider builds for testing purposes before it lands in an upcoming feature update for Windows 10.
Windows Sandbox offers advantages over third-party sandboxing or virtualization solutions: it is integrated in Windows 10 and uses the host operating system as its base. It lacks flexibility on the other hand and does not support persistent sessions or data.
It remains to be seen how fast Windows Sandbox will start when executed on a system that supports it, and how much of a difference faster hardware makes.
Now You: Sandbox integration in Windows 10? Good or bad? What is your take?