A first look at Windows Sandbox
Windows Sandbox is a new virtualization feature that Microsoft will integrate in Windows 10. Windows Sandbox allows users and administrators to run software in a sandbox so that it cannot harm the underlying system.
Sandboxing is not a new concept but users had to resort to installing third-party solutions like Sandboxie or virtual machines such as VMWare or VirtualBox in the past to run software in a protected environment.
Windows Sandbox will be part of Windows 10 Pro and Enterprise; everything is included in the operating system making it a comfortable and elegant solution.
The environment works as expected: it is an "isolated, temporary, desktop environment" that protects the underlying host from harm and will vanish when it is closed.
Windows Sandbox requirements
Windows Sandbox has the following prerequisites:
- Windows 10 Pro or Windows 10 Enterprise build 18305 or later.
- AMD64 architecture.
- At least 4 Gigabytes of RAM, 1 Gigabyte of free disk space, and 2 CPU cores (recommended 8 Gigabytes or more of RAM, SSD, and 4 cores with hyperthreading).
- Virtualization enabled in the BIOS.
- If you use a virtual machine, you need to run the PowerShell cmdlet: Set-VMProcessor -VMName <VMName> -ExposeVirtualizationExtensions $true
Microsoft notes that all privacy settings but the host diagnostic data setting are set to their default values in the sandboxed environment.
How to enable Windows Sandbox
Provided that the system meets the requirements listed above, you may enable Windows Sandbox in the Windows Features dialog.
- Use the shortcut Windows-Pause to open the System Control Panel applet.
- Select Control Panel Home.
- Activate Programs.
- Select Turn Windows features on or off.
- Check Windows Sandbox.
- Click ok and follow the instructions.
You may also enable the feature using the Settings application:
- Use the shortcut Windows-I to open the Settings application.
- Go to Apps > Apps & Features > Programs and Features > Turn Windows Features on or off.
- Select Enable Windows Sandbox.
Using Windows Sandbox
Once installed, use the Start menu to load Windows Sandbox. You can search for it. Note that it requires elevation; you can right-click on the file and select run as administrator to run it with elevated privileges.
Copy an executable file -- or any other file for that matter -- and paste it into the Windows Sandbox window. You may then run it like you would do on the "real" desktop and interact with the software like you would do normally.
You may close the Windows Sandbox window at any time to close the session. Any changes are discarded and sandbox content is deleted in the process.
Microsoft notes that Windows Sandbox uses Windows Containers to provide the sandboxing functionality. While Windows Containers were "designed to run in the cloud", Microsoft's team integrated it with Windows 10 and modified it so that it would work fine on laptop and desktop devices running the operating system.
Windows Sandbox uses the loaded Windows version as the operating system image; this is different from many other virtualization environments which require virtual images that users need to download and install in the machines.
The implementation has several known issues in its current state:
- Will trigger "significant CPU and disk activity" on install and in the first minute of servicing.
- Start Menu is delayed and some Start menu apps won't execute.
- Time zone is not synced between Windows Sandbox and host.
- Windows Sandbox does not support installers that require reboots.
- Microsoft Store is not supported.
- High DPI displays and multi-monitor configurations are not supported very well.
Use Cases
Windows Sandbox offers several interesting use cases; it may replace other virtualization solutions in some cases:
- Run software that you want to check out so that it can't harm the underlying operating system or steal data.
- Execute software in the environment for privacy purposes (e.g. not wanting history records or traces in the temp folder).
- Run any other file in the sandbox.
While you can install programs in the sandbox, you cannot use it to test or analyze software that requires a reboot of the system before it can be used.
Closing Words
Microsoft has not integrated the feature yet in any version of Windows 10. The company plans to integrate it in upcoming Insider builds for testing purposes before it lands in an upcoming feature update for Windows 10.
Windows Sandbox offers advantages over third-party sandboxing or virtualization solutions: it is integrated in Windows 10 and uses the host operating system as its base. It lacks flexibility on the other hand and does not support persistent sessions or data.
It remains to be seen how fast Windows Sandbox will start when executed on a system that supports it, and how much of a difference faster hardware makes.
Now You: Sandbox integration in Windows 10? Good or bad? What is your take?
Win-10 Pro “Sand Box”
Firstly I’m not a geek. I’ve put Win-10 Pro onto a new Dell (8 gb ram) Inspiron and a 6 year old Medion Akoya with 4 gb. Sand Box (SB) worked and then gave up after a day, froze with an Error 0x80070057.
Looked around without success for a fix as SB is so new I suppose, my first try into SB’s. I only really know and use CMD “SFC /scannow”. Scan came up with problems could “NOT fix”. Then ran scan ‘CMD Dism’ — C:\WINDOWS\system32>
‘dism /online /cleanup-image /restorehealth’ — indicated no problems . . .
Ran ‘SFC’ can again, indicated no problems and now works well on the Dell. The Akoya takes 5 minutes to appear and actually work, it does work OK it seems!! So for what its worth, that is my experience . . .
I’m being careful as the 3 x Win Pro’s via Ebay (Yes!) — two did Activate, although I’m not sure if I’ve got pirated copies etc. If they are I will remove them, just have not been able to assess the are ‘pirates’.
Tried different methods to indicate “genuineness”, Powershell comes up with a totally different set of codes. Apple is much better in allowing you to assess software reliability, the biggest problem is owner’s don’t fill out the Adobe paperwork to sell the codes/software on Ebay …
Douglas H (Australia)
It worked good when I installed it last week. Today, 12/24/2018 it refuses to open. Nothing has changed on my computer. What gives???
This sounds great, yet I hope this update is free AND works on my olderish Windows 10 Pro boxes. As such, I’m not getting too excited about this news yet, as history shows companies as Microsoft tend to over hype things. Still, Kudos to them for the free upgrade to Windows 10. I left one of my boxes with Windows 7, but I can now say I like Windows 10 better, that is after much tweaking.
As for sandboxing, being that I’m lazy and frugal, I use the sandbox that comes with 360TS (all free), which works great for me, at least as a placebo.. ha.. I’ve tried VMs, but I don’t like the resource hits for that, so instead I tend to use olderish boxes that i upgrade and/or depreciate to Linux Lite or whatever. So, instead of VMs, I just use several boxes for different uses and tests, and sandboxes. Yet the downside is, those boxes take up a lot of room, but I have the space.
In the end, I have some pretty solid 3x back-up methods, and for the most part, i gave up on the idea of “web privacy”, so little worries overall.
Beyond all that, I do wish Microsoft would update or replace NTFS and such, as data loss is always my biggest concern. As such, I may give up with Microsoft and move to BSD with ZFS, such as with TrueOS and/or FreeNAS. And yes, I know about Linux with ZFS, which is another free option for us frugal folks.
Nice to see a native sandboxing feature finally come to Windows, after Linux has already had things like jails, chroot and the more recent systemd-nspawn, but still, better late than never.
I have always used Sandboxie on Windows for sandboxing programs since 2007 but I notice a lot of things won’t work correctly when installed in Sandboxie, such as gnupg/gpg4win, so this should work better for scenarios like that, though these Windows sandboxes are only temporary unlike Sandboxie sandboxes, which is a downside…
Exactly. I have seen a lot of people just talking smack about how shit this new sandbox feature from Microsoft is (without even testing it) and how Sandboxie is the way to go for everything. Sandboxie was great back in the XP and 7 days. Was pretty good during 8 but by the time we get to 10, there are quite a few things here and there that just no longer work correctly. I still make sure I install it on all my system but it’s no longer as reliable as it once was and I had encounter quite a few programs that simply refused to run. In addition, it no doesn’t receive as much updates as it used to when the old owner was still around. That said, I still don’t regret getting that lifetime license. Who would? It worked great for many years.
Agreed, I bought a lifetime license about a decade ago, when they were something like $20-25 and I don’t regret it at all because Sandboxie has served me well and like you, I always make sure to have it installed.
However, it doesn’t change the fact that as I mentioned, some programs simply won’t work correctly if they were installed in Sandboxie. It’s so weird because I can still install huge programs like Photoshop in a sandbox and it runs fine, but you take a simple program like gpg4win and it won’t run when installed in a sandbox. Even weirder is that I KNOW at one time I was able to get gnupg to work just fine inside Sandboxie, but it might have been the 1.4 branch…?
Also another issue, which isn’t Sandboxie’s fault but is still annoying, is that sometimes when you run *cough* keygens *cough* inside a sandbox then it will detect it is running inside Sandboxie and will terminate itself.
Perhaps these Windows sandboxes could be used for situations like that as they may appear no different to the programs than if they were running on a native Windows install?
Apparently, it’s an administrator-only feature.
Interesting how my reply to Harro has been pulled
It has not been pulled.
Apologies. Opera wasn’t refreshing the page correctly (looks for some humble pie!)
No problem. As a rule of thumb: comments get removed only if they are spam, malicious, or attack users. There may be more edge cases but generally speaking, comments don’t get deleted without a good reason to do so.
Martin,
I will also say this….
I have noted how incredibly forthcoming you are with respect to letting comments remain after posting by the user.
I have often been amazed of your perspective in doing so…even IF users post seriously critical comments about you personally, or Ghacks.
I really respect you for doing so.
Neat! First break Sandboxie with version 1809 (it would not install until I removed Sandboxie), then offer a sandbox in paid version of Windows only. Don’t need to be very bright to see through this one.
All versions of Windows are paid versions.
Go to Sandboxie forum and download a new beta version. It works fine with 1809 and Windows will upgrade over it.
I will wait and see. I have used Sandboxie for several years. All of my internet browsing and email go in it. Sandboxie allows hooks into non-sandboxed items, such as bookmarks. Bookmarks in a browser are useless unless you can save them outside of the sandbox.What good is a Word document you write if you can’t save it outside of the sandbox?
I also put my sandbox container file in a ramdisk for added security. Sandboxie can be configured to delete the sandbox on exit from the last program in the sandbox. By putting it in a ramdisk, security is added because, at the very least, the sandbox will go away when the computer is turned off. There’s also considerable less wear on the SSD.
Windows sandbox will have possibilities if these ideas are included.
It’s about time. It only took them more than 20 years.
It should have been released along with their embedded Windows Firewall.
SSD a demand ? What about us that try to lower the amount of writings to the SSD ? I know that Windows 10 kills a SSD’s quite fast due to all BS it writes all the time, therefor i am still on Windows 7 and earlier OS:es…i have quite good control of what these OS:es write to my SSD.
Too bad that Microsoft never have cared about their customers and their needs before….and still don’t do it….as i see it.
Kills SSDs? Please stop spreading fake news. There is zero evidence for that.
How on earth does W10 kill SSDs? Wut.
SSD is recommended.
So basically MS is saying that if you are not running Windows 10 Pro or Enterprise then we don’t give a s*it if you install third party software.
Yes, they don’t give a sh*t for their beta testers but they announced that long time ago by removing Windows Defender features for Home editions.
Also, Harro, you are a noob.
No, MS is saying if you ask a Home user what’s a sandbox, they answer “a box with sand where kids play”, such users don’t need such advanced functions. I don’t see anything wrong with Pro exclusives…it’s almost twice the price of Home and needs some advantages over it. XP Mode was also only in Win 7 Pro, Ultimate and Enterprise.
Harro, you seem to make the mistake in thinking that ALL home users are plebs that sit at home ‘playing’. I manage 4 Win 10 Home Computers, 1 Win 7 Home Computer and even an old XP machine. You are partly correct that ‘home’ users don’t need some of the advanced features, but what we need is inbuilt applications that keep the computer safe.
As for a sandbox being “a box with sand where kids playâ€, that is exactly what a computer sandbox is with the exception that it is not ‘kids’ playing. It is a safe area.
Really good news indeed. This because I am a firm believer that integrated applications always will have fewer conflicts with the o.s..
Hopefully, it will work even smoothly than the existing virtual environment (Virtual machine) who are available right now, as you mention above. I also like CW Sandbox and VMRay.
You mentioned that the computer will need “At least 4 Gigabytes of RAM (recommended 8 Gigabytes or more of RAM)” does this mean that when you have 8 GB installed it will be more than enough to ensure a perfect workflow or does this mean that its necessary to install at least 16 GB of RAM because than you will have at least 8GB of free RAM to work at an optimal flow with the application? I understand that 32 GB will be even better for the workflow!
I have searched on startpage.com for a release date from the hereabove by you mentioned version from Windows 10 Pro or Windows 10 Enterprise build 18305, but I could not find any mention from when this could be roughly (approximately)?