Windows Sandbox
Published Dec 18 2018 04:18 PM 1.9M Views
Microsoft

Windows Sandbox is a new lightweight desktop environment tailored for safely running applications in isolation.

 

How many times have you downloaded an executable file, but were afraid to run it? Have you ever been in a situation which required a clean installation of Windows, but didn’t want to set up a virtual machine?

 

At Microsoft we regularly encounter these situations, so we developed Windows Sandbox: an isolated, temporary, desktop environment where you can run untrusted software without the fear of lasting impact to your PC. Any software installed in Windows Sandbox stays only in the sandbox and cannot affect your host. Once Windows Sandbox is closed, all the software with all its files and state are permanently deleted.

 

Windows Sandbox has the following properties:

  • Part of Windows – everything required for this feature ships with Windows 10 Pro and Enterprise. No need to download a VHD!
  • Pristine – every time Windows Sandbox runs, it’s as clean as a brand-new installation of Windows
  • Disposable – nothing persists on the device; everything is discarded after you close the application
  • Secure – uses hardware-based virtualization for kernel isolation, which relies on the Microsoft’s hypervisor to run a separate kernel which isolates Windows Sandbox from the host
  • Efficient – uses integrated kernel scheduler, smart memory management, and virtual GPU

 

Prerequisites for using the feature

  • Windows 10 Pro or Enterprise Insider build 18305 or later
  • AMD64 architecture
  • Virtualization capabilities enabled in BIOS
  • At least 4GB of RAM (8GB recommended)
  • At least 1 GB of free disk space (SSD recommended)
  • At least 2 CPU cores (4 cores with hyperthreading recommended)

 

Quick start

  1. Install Windows 10 Pro or Enterprise, Insider build 18305 or newer
  2. Enable virtualization:
    • If you are using a physical machine, ensure virtualization capabilities are enabled in the BIOS.
    • If you are using a virtual machine, enable nested virtualization with this PowerShell cmdlet:
    • Set-VMProcessor -VMName <VMName> -ExposeVirtualizationExtensions $true
  3. Open Windows Features, and then select Windows Sandbox. Select OK to install Windows Sandbox. You might be asked to restart the computer.
  4. Optional Windows Features dlg.png
  5. Using the Start menu, find Windows Sandbox, run it and allow the elevation
  6. Copy an executable file from the host
  7. Paste the executable file in the window of Windows Sandbox (on the Windows desktop)
  8. Run the executable in the Windows Sandbox; if it is an installer go ahead and install it
  9. Run the application and use it as you normally do
  10. When you’re done experimenting, you can simply close the Windows Sandbox application. All sandbox content will be discarded and permanently deleted
  11. Confirm that the host does not have any of the modifications that you made in Windows Sandbox.

 Windows Sandbox Screenshot - open.jpg

 

Windows Sandbox respects the host diagnostic data settings. All other privacy settings are set to their default values.

 

Windows Sandbox internals

Since this is the Windows Kernel Internals blog, let’s go under the hood. Windows Sandbox builds on the technologies used within Windows Containers. Windows containers were designed to run in the cloud. We took that technology, added integration with Windows 10, and built features that make it more suitable to run on devices and laptops without requiring the full power of Windows Server.

 

Some of the key enhancements we have made include:

 

Dynamically generated Image

At its core Windows Sandbox is a lightweight virtual machine, so it needs an operating system image to boot from. One of the key enhancements we have made for Windows Sandbox is the ability to use a copy of the Windows 10 installed on your computer, instead of downloading a new VHD image as you would have to do with an ordinary virtual machine.

 

We want to always present a clean environment, but the challenge is that some operating system files can change. Our solution is to construct what we refer to as “dynamic base image”: an operating system image that has clean copies of files that can change, but links to files that cannot change that are in the Windows image that already exists on the host. The majority of the files are links (immutable files) and that's why the small size (~100MB) for a full operating system. We call this instance the “base image” for Windows Sandbox, using Windows Container parlance.

 

When Windows Sandbox is not installed, we keep the dynamic base image in a compressed package which is only 25MB. When installed the dynamic base package it occupies about 100MB disk space.

 Dynamic Image.PNG

Smart memory management

Memory management is another area where we have integrated with the Windows Kernel. Microsoft’s hypervisor allows a single physical machine to be carved up into multiple virtual machines which share the same physical hardware. While that approach works well for traditional server workloads, it isn't as well suited to running devices with more limited resources. We designed Windows Sandbox in such a way that the host can reclaim memory from the Sandbox if needed.

 

Additionally, since Windows Sandbox is basically running the same operating system image as the host we also allow Windows sandbox to use the same physical memory pages as the host for operating system binaries via a technology we refer to as “direct map”. In other words, the same executable pages of ntdll, are mapped into the sandbox as that on the host. We take care to ensure this done in a secure manner and no secrets are shared. 

 Direct Map.PNG

Integrated kernel scheduler

With ordinary virtual machines, Microsoft’s hypervisor controls the scheduling of the virtual processors running in the VMs. However, for Windows Sandbox we use a new technology called “integrated scheduler” which allows the host to decide when the sandbox runs. 

 

For Windows Sandbox we employ a unique scheduling policy that allows the virtual processors of the sandbox to be scheduled in the same way as threads would be scheduled for a process. High-priority tasks on the host can preempt less important work in the sandbox. The benefit of using the integrated scheduler is that the host manages Windows Sandbox as a process rather than a virtual machine which results in a much more responsive host, similar to Linux KVM.

 

The whole goal here is to treat the Sandbox like an app but with the security guarantees of a Virtual Machine. 

 

Snapshot and clone

As stated above, Windows Sandbox uses Microsoft’s hypervisor. We're essentially running another copy of Windows which needs to be booted and this can take some time. So rather than paying the full cost of booting the sandbox operating system every time we start Windows Sandbox, we use two other technologies; “snapshot” and “clone.”

 

Snapshot allows us to boot the sandbox environment once and preserve the memory, CPU, and device state to disk. Then we can restore the sandbox environment from disk and put it in the memory rather than booting it, when we need a new instance of Windows Sandbox. This significantly improves the start time of Windows Sandbox. 

 

Graphics virtualization

Hardware accelerated rendering is key to a smooth and responsive user experience, especially for graphics-intense or media-heavy use cases. However, virtual machines are isolated from their hosts and unable to access advanced devices like GPUs. The role of graphics virtualization technologies, therefore, is to bridge this gap and provide hardware acceleration in virtualized environments; e.g. Microsoft RemoteFX.

 

More recently, Microsoft has worked with our graphics ecosystem partners to integrate modern graphics virtualization capabilities directly into DirectX and WDDM, the driver model used by display drivers on Windows.

 

At a high level, this form of graphics virtualization works as follows:

  • Apps running in a Hyper-V VM use graphics APIs as normal.
  • Graphics components in the VM, which have been enlightened to support virtualization, coordinate across the VM boundary with the host to execute graphics workloads.
  • The host allocates and schedules graphics resources among apps in the VM alongside the apps running natively. Conceptually they behave as one pool of graphics clients.

This process is illustrated below:

 

GPU virtualization for Sandbox - diagram.png 

 

This enables the Windows Sandbox VM to benefit from hardware accelerated rendering, with Windows dynamically allocating graphics resources where they are needed across the host and guest. The result is improved performance and responsiveness for apps running in Windows Sandbox, as well as improved battery life for graphics-heavy use cases.

 

To take advantage of these benefits, you’ll need a system with a compatible GPU and graphics drivers (WDDM 2.5 or newer). Incompatible systems will render apps in Windows Sandbox with Microsoft’s CPU-based rendering technology.

 

Battery pass-through

Windows Sandbox is also aware of the host’s battery state, which allows it to optimize power consumption. This is critical for a technology that will be used on laptops, where not wasting battery is important to the user.

 

Filing bugs and suggestions

As with any new technology, there may be bugs. Please file them so that we can continually improve this feature. 

 

File bugs and suggestions at Windows Sandbox's Feedback Hub (select Add new feedback), or follows these steps:

  1. Open the Feedback Hub
  2. Select Report a problem or Suggest a feature.
  3. Fill in the Summarize your feedback and Explain in more details boxes with a detailed description of the issue or suggestion.
  4. Select an appropriate category and subcategory by using the dropdown menus. There is a dedicated option in Feedback Hub to file "Windows Sandbox" bugs and feedback. It is located under "Security and Privacy" subcategory "Windows Sandbox".
  5. Feedback Hub.png
  6. Select Next 
  7. If necessary, you can collect traces for the issue as follows: Select the Recreate my problem tile, then select Start capture, reproduce the issue, and then select Stop capture.
  8. Attach any relevant screenshots or files for the problem.
  9. Submit

Conclusion

We look forward to you using this feature and receiving your feedback!

 

Cheers, 

Hari Pulapaka, Margarit Chenchev, Erick Smith, & Paul Bozzay

(Windows Sandbox team)

317 Comments
Copper Contributor

@wroot @MasterMysterious You guys are probably right.  I use Linux/Mac for professional software development, and have Windows Home dual booted on a dev machine with a larger GPU to play games once in a while.  I treat the entire thing like a sandbox and log into nothing but my Microsoft account and Steam, so I have no use for Pro.  Obviously this is somewhat of an outlier use case, but there's got to be a lot of software professionals who just boot Windows for games.  I did not know it was based on Windows Containers (thank you!) but the requirements https://docs.microsoft.com/en-us/virtualization/windowscontainers/deploy-containers/system-requireme... don't seem prohibitive, you'd have to try to buy a machine with less than 4G RAM these days and two virtual processors- I'm certainly missing some key insight you have here.  Oleg's point about the pro use is certainly valid, and yes probably much more common than home users who know enough to be worried about security.  Here's another use case- home users with significant savings (in the bank or investment account or ?).  Maybe these people know enough to be worried about security?  For me, I'd like to use Windows more- I like it just fine, but without an easy sandbox setup I'm just not comfortable using it for more than games.  Obviously I use docker a lot.  Maybe I'm proving your points, normal home users aren't going to use this haha...

Hey there, 

 

The Windows Sandbox feature looks promising, however for my scenario,  assess the content of a potential malicious e-mail attachment I am facing a few challenges that hopefully can be addressed. 

 

1. It looks like running Windows Sandbox requires the user to be a local admin, I hope this will change when being finally released. 

2. Windows Defender appears to be disabled in the Sandbox, would be nice to allow turning it on or off

3. UAC is disabled, this prevents me from installing Office 365 C2R, without Office in Sandbox I can't open suspicious files. 

 

 

 

Microsoft
@Alex Verboon, please do file feedback. we have definitely heard about uac requirement.
Brass Contributor

@jpangburn

When it comes to system requirements, being able to read them correctly is important. I'm talking specifically about this part:

A processor with Intel VT-x (this feature is currently only available for Intel processors).

This means Windows Sandbox relies on the computer's hypervisor. In fact, the original post says as much:

As stated above, Windows Sandbox uses Microsoft’s hypervisor. We're essentially running another copy of Windows which needs to be booted

That means on home computers, the user is facing the problem of I/O bottleneck, as always.

Copper Contributor

@MasterMysterious Terribly sorry if my reply came off as snarky, I appreciated your response so it was certainly not my intention.  I didn't think the VT-x thing was a big deal as Intel has 85-90% of desktop market share, and my desktop from 2014 has "Intel Virtualization Technology" as an option- so figured this wasn't an issue.  But my assumption is purely based on one anecdote :) plus Intel's market share.  Seems well within the 80/20 rule.

Brass Contributor

No need be sorry, I registered no snark on your part.

Your assumption about Intel VT-x was correct. Only Intel VT-x is not ipso facto the problem. The problem is the storage bandwidth of home computers. They suck.

 

Copper Contributor

Just updated to 18309.1000 on Lenovo W540 laptop.  With both Intel and Nvidia display adapters enabled, Sandbox doesn't launch.  Disabling Nvidia display adapter allows Sandbox to launch.  Same behavior as on 18305.1000.

Copper Contributor

Edit I am reliably informed that:-
Sandbox uses its own Windows Local Account password, which I do not know. Without knowing the password, I don't know how to change it.
You can sign-in with a Microsoft Account in some places, but not in others. Places that require you to confirm using the Local Account password of course do not work.

Is this correct? If it is why have we not been informed when the app was flighted? If it is not correct what do we do?

@David Elliott

 

Windows Sandbox logs in under the WDAGUtilityAccount.  If you check out the Hyper-V-Compute event log on the host system, you can see the account is created with a "net user" command line and the password is in plaintext (Create process, parameters '{"CommandLine":"net user WDAGUtilityAccount pw123","User":"NT AUTHORITY\\SYSTEM","ConsoleSize":[0,0]}', result 0x00000000, process ID 2468).  You can see the password "pw123" is the password for the user account.  I'm assuming that is just a hard-coded value because that doesn't look randomly generated to me.  I verified the password works in my Sandbox by simply locking the Sandbox and unlocking.  

 

 

Copper Contributor

So during the creation of the sandbox, not only is the WDAGUtilityAccount created with a simple password that appears in plaintext in the event log, but the WDAGUtilityAccount is also added to the local administrators group in the sandbox.  That means the user of the sandbox is a full admin and the password is a simple and probably hard-coded value.  Any malicious code in an executable or on a website could compromise the sandbox.  Some of our customers were looking at the sandbox as a potential environment for users to do their work.  But if a user goes to a malicious web site and compromises their sandbox, then they go and log into a customer site using their credentials, those credentials could easily have been captured.  If the user writes any code or scripts within the sandbox for testing, that code would be suspect.  Also, the user, being an admin, could disable security features like firewall or defender, and place the system in even greater jeopardy.

 

The sandbox also allows for the bypassing of some system restrictions.  For example, on my host system, I was NOT able to download mimikatz through Edge.  In the sandbox, not only could I download it, but I was able to execute it.  And I was able to copy it over to my host system.  Luckily, Windows Defender stopped it from being copied to my host system entirely, but maybe there is other malware that wouldn't be caught.

 

We also deal with the possibility of employees exfiltrating corporate data.  There are protections in place to prevent uploading data to sites in the host, but the sandbox can bypass those as well.  A sandbox user could potentially copy a terabyte of corporate data to their sandbox and upload it to a cloud drive.  

 

A good defense-in-depth strategy could mitigate a lot of this, but quite a few corporate customers don't always practice safety, don't monitor the environment, etc.

 

My suggestions for enhancements would be:

1.  Don't log the user in as an admin.  Log in as a user

2.  Randomize the user name and password when creating the sandbox and use a long and complex password.  Don't display the password in plaintext in the event logs on the host.

3.  Allow domain admins to somehow control the local policies in the sandbox, either through domain GPOs that apply to the host and are applied to any sandboxes that are created, or through some other management mechanism (DCM, SCCM).  

4.  Provide some way to monitor any and all activity that occurs inside the sandbox and log it out to the host or to an event collector.  

5.  Maybe provide an approval mechanism where users require an admin approval to even create a sandbox, similar to the way SCCM can require admin approval to install some software.

 

Without the ability to control the sandbox environment, any domain admin worth their salt would simply disable Windows Sandbox completely.  Which would be a shame because it has great potential, but the security model really needs to be looked at more deeply.  Security for any sandbox product has to be the #1 priority from the very start.  Locking down users who use it, and giving admins the ability to control it and audit it, are necessary.

Silver Contributor

In my understanding Sandbox is a place to mess around with unknown stuff (malware, etc.), close it and start a fresh one when needed. Not to live and work your daily work in it. As long as something can't get out of it to the host (without a user actively copying it out) i'm ok with how it operates. Some malware can be dormant if it can't get admin rights maybe. As this is a feature that has to be installed, regular limited users won't have access to it, so it is up to admins or machine owner in a case of independent researcher to install it on selected machines. In this blog post MS says, that they see this feature as a testing place for suspect executables, but some people want it to be something else (isolated environment to test software, etc.) and work in it. I can see how this can be dangerous. But it goes against MS idea of how it should be used.


@msisaacs wrote:

Just updated to 18309.1000 on Lenovo W540 laptop. With both Intel and Nvidia display adapters enabled, Sandbox doesn't launch. Disabling Nvidia display adapter allows Sandbox to launch. Same behavior as on 18305.1000.


@msisaacs  Thank you for reporting this problem! Other users have reported the same issue. We are currently working on a fix.

 

Copper Contributor

Why can't I see the feature?

image.pngimage.png

Silver Contributor

Sandbox only works in Pro and Enterprise.

Brass Contributor

I've updated my Azure VM to Windows 10 Insider 18312 and it works now. YESS!

 

I have some other questions and ideas where I want to use Windows Sandbox.

- Is there an API or CLI to start a Windows Sandbox?

- Can we run multiple Sandboxes?  (Oh, I just tried it, a popup with "Only one running instance of Windows Sandbox is allowed." appears.) Will this be improved in the future?

 

Because the Windows Sandbox reminds me to this Vagrant Cucumber plugin https://github.com/scalefactory/vagrant-cucumber I have used some years ago to run integration tests with a MSI package. This automatically snapshotted a VM and ran the first Cucumber scenario in that VM, resets to the last snapshot and ran the second scenario and so on. With Windows Sandbox it looks much better integrated and should be even faster than booting a VM for each scenario.

 

- The Windows Sandbox looks somehow related to Windows Containers. Can we have something like adding a small layer on top of the empty Sandbox "image" to have some software preinstalled? The Windows Sandbox looks for me like a "FROM scratch" or "FROM windows10host", so can we build another "image" that has "FROM windowshost + RUN install-something"?

 

 

 

Brass Contributor

@T3333: Judging by your screenshot, you are currently running Windows 10 v1809.

Windows Sandbox is currently in the beta testing stage and is available only for the Insider builds of Windows 10 v1903. You need to join the Windows Insider program to have access.

Copper Contributor
After I installed KB4487181 everything went ok. ^^
Copper Contributor

Well sandbox started up to make me upset. Windows 10 Enterprise instead of my Pro. Not activated, not localized, many settings are not available ("You need to activate Windows before blah-blah"), some regional settings require logoff-logon (but sandbox hangs up on logoff). I tried to insert SN from my MSDN account but got 0x80070002 error. Well, now the sandbox is not ready to be a sandbox. It definitely must have some options to set up. Among them should be sound scheme. Or at least an option to disable sound for sandbox completely. =E

It doesn't even set timezone from host. Epic fail.

We've just released Windows 10 Insider Preview Build 18317.

This build contains a fix for the issue where Windows Sandbox wouldn’t launch on PCs with multiple GPUs.

Copper Contributor
Well, the build fixed all that stuff I'd written. Sandbox is not starting again after 18317, and no problems with timezone or localization. ^^
Copper Contributor

It would be nice if Windows 10 Business is included since it is supposed to be an Office 365 enhanced version of Windows 10 Pro. 

Copper Contributor

Its Greyed Out For Me. I get this errorUntitled.pngMy Windows VersionMy Windows Version

@mogslatter  Check if the virtualization capabilities are enabled in BIOS. The fact that even Windows Devender Application Guard is greyed out makes me think that they are not. If you are in a VM make sure that nested virtualization is enabled.

Copper Contributor

Ok I don't think its enabled ill go and check my bios real quick 

 

Ill post updates

Copper Contributor

Ok I cant find it in bios. this is the menu.IMG_20190118_205843.jpg

Copper Contributor

Ok found it but it was enabled so I saved and exited still I get the error please help

 

Copper Contributor

I disabled and reenabled it still not working. But I get this in the corner

Wait It took me over 25 minites to upload the image WHAT!!!

 

sasasdf.PNG

Copper Contributor

How to mount the WindowsDefenderApplicationGuard.wim ?

[ I tried using DISM but failed]

Copper Contributor

I tried to launch a second instance of Windows Sandbox and got "Only one running instance of Windows Sandbox is allowed". Is it planned to allow multiple instances to run?

Brass Contributor

@rickman_MSFT Another question on GPU virtualization: Is this feature already available in the recent stable Windows Version (October 2018 update)? I mean, if I have compatible GPU and WDDM 2.5 drivers on the (Win 10 Oct 2018) host installed, will regular VMs (with same OS version) be able to utilize hardware graphics acceleration as described? Thanks.

Microsoft

@andsav Thanks for your question. No, this form of GPU virtualization is not currently available to "regular" Hyper-V VMs such as those created by Hyper-V Manager. That's something we're looking at though.

Brass Contributor

@rickman_MSFTThank you for the answer! I think this feature would be very useful in many scenarios, given that virtualization becomes more and more common even on consumer devices, especially on developer machines. I would be super excited to have it! And Windows Sandbox, of course.

Copper Contributor
Well... Build 18323. Now Sandbox logs the following event in Microsoft-Windows-Hyper-V-Compute-Operational: [34846fee-c4be-439b-9d2d-10bc09923c58] Приостановка работы вычислительной системы, параметры: '{"SuspensionLevel":"MemoryMedium"}', результат: 0x80070032
Copper Contributor

As I currently see it, sandbox is simply a tool for testing software and shady websites. It would be a great addition if we could save the sessions like a VM snapshot. I have a very specific need for a sandbox in a corporate environment that this feature would help with if it had more enterprise functionality to it. We are running Windows 10 on our POS systems and would like to run a separate environment on the same terminals for web apps while on a wireless network. The host Windows 10 OS would be running our POS software on our secure wired network.  Our goal is to run POS completely segregated from other web apps on the same PC. Specifically we would like to run POS while docked (wired network) and web apps in Sandbox while undocked (wireless). 

Copper Contributor
18329 Yet unable to start sandbox.
Microsoft

Are there future plans for

1. Run multiple Sandboxes on a single PC.

2. My host is running Win Ent 10.0.18329 but the Sandbox VM shows as Win 10 Pro 18329. Is there an option to choose which image I can get?

Brass Contributor

@Yusuf AnisHi. You say you have access to Windows 10 Enterprise edition build 18329? It already has Windows Containers, which is used to implement the Sandbox.  So, can you not install Windows Containers (more like enable it) and then run the Sandbox image in it?

Copper Contributor

Hi, I have a problem having Sandbox working. All the necessary components are installed on my laptop (Hyper-V, Windows Sandbox and Windows Defender Application Guard) and virualization is enabled in the Bios of the machine. I have more than the recommanded configuration and I'm running Windows 10 Insider Preview Build 18334.19h1 but everytime I'm trying to open sandbox, an error message appears telling me the Sandbox couldn't start. More informations are available in the logs of Computer/Worker Hyper-V. What does it mean? How to fix this in order to use Sandbox normally? Thanks for helping.

Annotation 2019-02-10 133211.jpg

 

Copper Contributor

@ybregeon1976Please share your logs.

Copper Contributor

@Yusuf Anis Where are those logs located?

Copper Contributor

@Yusuf Anis 

 

Nom du journal :Microsoft-Windows-Hyper-V-Compute-Operational
Source : Microsoft-Windows-Hyper-V-Compute
Date : 10/02/2019 15:48:38
ID de l’événement :2008
Catégorie de la tâche :Aucun
Niveau : Information
Mots clés :
Utilisateur : Système
Ordinateur : DESKTOP-FSPN6PR
Description :
[bbed8c66-86e6-462a-9f81-999f06c0f91a] Notification d’interrogation du système de calcul, résultat 0x00000000, notification 1/0x00000000
XML de l’événement :
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Hyper-V-Compute" Guid="{17103e3f-3c6e-4677-bb17-3b267eb5be57}" />
<EventID>2008</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x4000000000000000</Keywords>
<TimeCreated SystemTime="2019-02-10T13:48:38.691470200Z" />
<EventRecordID>402</EventRecordID>
<Correlation />
<Execution ProcessID="4348" ThreadID="9500" />
<Channel>Microsoft-Windows-Hyper-V-Compute-Operational</Channel>
<Computer>DESKTOP-FSPN6PR</Computer>
<Security UserID="S-1-5-18" />
</System>
<UserData>
<VmlEventLog xmlns="http://www.microsoft.com/Windows/Virtualization/Events">
<SystemId>bbed8c66-86e6-462a-9f81-999f06c0f91a</SystemId>
<Result>0x00000000</Result>
<Parameter0>1</Parameter0>
<Parameter1>0x00000000</Parameter1>
</VmlEventLog>
</UserData>
</Event>

Copper Contributor

@Yusuf Anis 

Nom du journal :Microsoft-Windows-Hyper-V-Worker-Admin
Source : Microsoft-Windows-Hyper-V-Worker
Date : 10/02/2019 15:48:37
ID de l’événement :18502
Catégorie de la tâche :Aucun
Niveau : Information
Mots clés :
Utilisateur : NT VIRTUAL MACHINE\BBED8C66-86E6-462A-9F81-999F06C0F91A
Ordinateur : DESKTOP-FSPN6PR
Description :
« Virtual Machine » a été désactivé. (ID d’ordinateur virtuel BBED8C66-86E6-462A-9F81-999F06C0F91A)
XML de l’événement :
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Hyper-V-Worker" Guid="{51ddfa29-d5c8-4803-be4b-2ecb715570fe}" />
<EventID>18502</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2019-02-10T13:48:37.805497400Z" />
<EventRecordID>66</EventRecordID>
<Correlation />
<Execution ProcessID="10704" ThreadID="1784" />
<Channel>Microsoft-Windows-Hyper-V-Worker-Admin</Channel>
<Computer>DESKTOP-FSPN6PR</Computer>
<Security UserID="S-1-5-83-1-3152907366-1177192166-2677637535-452575238" />
</System>
<UserData>
<VmlEventLog xmlns="http://www.microsoft.com/Windows/Virtualization/Events">
<VmName>Virtual Machine</VmName>
<VmId>BBED8C66-86E6-462A-9F81-999F06C0F91A</VmId>
</VmlEventLog>
</UserData>
</Event>

Copper Contributor
Same here. Trying to start Sandbox I'm getting the following msgbox: --------------------------- Песочница Windows --------------------------- Не удалось запустить песочницу Windows. Дополнительные сведения см. в журналах событий вычисления и рабочих процессов Hyper-V. --------------------------- ОК --------------------------- Omg. I found the error. - - 12142 0 2 0 0 0x8000000000000000 15 Microsoft-Windows-Hyper-V-Worker-Admin lnote - - Virtual Machine DB23DA39-BE2E-44E8-88ED-6D2A15C99565 C:\ProgramData\Microsoft\Windows\Containers\Sandboxes\db23da39-be2e-44e8-88ed-6d2a15c99565\sandbox.vhdx %%2147942402 7864368 80070002 C:\Windows.old\ProgramData\Microsoft\Windows\Containers\BaseImages\5934ca98-6d58-4291-85d1-a42f66202324\BaseLayer\SystemTemplateBase.vhdx Windows updates broke everything. =))
Copper Contributor
This forum has nothing to do with messages formatting...
Copper Contributor
Well... Sandbox parent path is perfect. PS C:\WINDOWS\system32> Get-VHD -Path 'C:\ProgramData\Microsoft\Windows\Containers\BaseImages\a54281d8-8de9-4162-affd-5b17a96e058a\Snapshot\SnapshotSandbox.vhdx' ComputerName : localhost Path : C:\ProgramData\Microsoft\Windows\Containers\BaseImages\a54281d8-8de9-4162-affd-5b17a96e058a\Snapshot\SnapshotSandbox.vhdx VhdFormat : VHDX VhdType : Differencing FileSize : 162529280 Size : 42949672960 MinimumSize : LogicalSectorSize : 512 PhysicalSectorSize : 4096 BlockSize : 1048576 ParentPath : C:\Windows.old\ProgramData\Microsoft\Windows\Containers\BaseImages\5934ca98-6d58-4291-85d1-a42f66202324\BaseLayer\SystemTemplateBase.vhdx DiskIdentifier : 67D336C1-AF92-4F5E-85D5-922F2C17481C FragmentationPercentage : Alignment : 1 Attached : False DiskNumber : IsPMEMCompatible : False AddressAbstractionType : None Number :
Copper Contributor
Well... I removed features "Containers" and "Windows Sandbox", then removed "C:\ProgramData\Microsoft\Windows\Containers" directory. It was a mistake and broke everything. After installing containers and sandbox application fails to start and shows nothing in hyper-v logs. Don't do that, you've been warned. =)
Copper Contributor

I removed broken link to base image from here: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Containers\CmService\Images Now Sandbox not working as it was before:

 

- <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
- <System>
  <Provider Name="Microsoft-Windows-Hyper-V-Compute" Guid="{17103e3f-3c6e-4677-bb17-3b267eb5be57}" />
  <EventID>2004</EventID>
  <Version>0</Version>
  <Level>4</Level>
  <Task>0</Task>
  <Opcode>0</Opcode>
  <Keywords>0x4000000000000000</Keywords>
  <TimeCreated SystemTime="2019-02-10T23:25:53.424678200Z" />
  <EventRecordID>260</EventRecordID>
  <Correlation />
  <Execution ProcessID="4512" ThreadID="12180" />
  <Channel>Microsoft-Windows-Hyper-V-Compute-Operational</Channel>
  <Computer>lnote</Computer>
  <Security UserID="S-1-5-18" />
  </System>
- <UserData>
- <VmlEventLog xmlns="http://www.microsoft.com/Windows/Virtualization/Events">
  <SystemId>109b842e-565d-45fe-9e48-b7dfefb0a1ba</SystemId>
  <Result>0x80070032</Result>
  <Parameter0>{"SuspensionLevel":"MemoryMedium"}</Parameter0>
  </VmlEventLog>
  </UserData>
  </Event>

Copper Contributor

Looks like a great base for cool things to come.

What comes to my mind are the following use cases:

PAW (Privileged Access Workstation) is something Microsoft want's it admins to start using and this is, if implmented properly, a great way to go about it.

The host runs sensitive administrative applications without being exposed to mail attachments, internet downloads etc.

The sandbox "VM's" run Email, browser, word, excel etc. All unsafe workloads that needs to be separated from the host system.

A challenge for this scenario is the network, preferably the host is on an administrative network while the guest is on a client network.

Also all communication needs to be one way, no copying files out of the sandbox at all. And it needs to be persistent.

 

General application sandboxing (like the edge sandboxing announced earlier). All internet facing applications run in sandboxes while only basic trusted applications run on the host, something like a Qubes OS light. Something i would personally use a lot to lessen the attack surface of my client.

This also requires the sandboxes to be persistent and, by extension, will introduce for somehow managing their settings centrally (GPO/DSC/whatever).

 

I see the point in making it non-persistent but i believe making it persistent and allowing multiple boxes to run simultaneously would open up a lot of possibilities.

 

This for me personally is one of the most exciting new features in Windows in a long time, IF it's potential is realized properly.

We've just released Windows 10 Insider Preview Build 18342.

 

This build contains a fix for an issue where Windows Sandbox would not start on localized builds.

We’ve also done some work to improve error reporting in Windows Sandbox. Now the error dialog includes the error code and a link to the Feedback Hub.

 

@ybregeon1976  and @whitelynx  Could you give 18342 a try and report back any issues?

Copper Contributor
@Margarit_Chenchev My CPU is incompatible with this build. Thus, waiting...
Copper Contributor

 

Bonjour ,

 

Avec la Build 18342 Sandbox fonctionne correctement maintenant .

Version history
Last update:
‎Dec 12 2022 11:07 AM
Updated by: