Windows Sandbox
Published Dec 18 2018 04:18 PM 1.9M Views
Microsoft

Windows Sandbox is a new lightweight desktop environment tailored for safely running applications in isolation.

 

How many times have you downloaded an executable file, but were afraid to run it? Have you ever been in a situation which required a clean installation of Windows, but didn’t want to set up a virtual machine?

 

At Microsoft we regularly encounter these situations, so we developed Windows Sandbox: an isolated, temporary, desktop environment where you can run untrusted software without the fear of lasting impact to your PC. Any software installed in Windows Sandbox stays only in the sandbox and cannot affect your host. Once Windows Sandbox is closed, all the software with all its files and state are permanently deleted.

 

Windows Sandbox has the following properties:

  • Part of Windows – everything required for this feature ships with Windows 10 Pro and Enterprise. No need to download a VHD!
  • Pristine – every time Windows Sandbox runs, it’s as clean as a brand-new installation of Windows
  • Disposable – nothing persists on the device; everything is discarded after you close the application
  • Secure – uses hardware-based virtualization for kernel isolation, which relies on the Microsoft’s hypervisor to run a separate kernel which isolates Windows Sandbox from the host
  • Efficient – uses integrated kernel scheduler, smart memory management, and virtual GPU

 

Prerequisites for using the feature

  • Windows 10 Pro or Enterprise Insider build 18305 or later
  • AMD64 architecture
  • Virtualization capabilities enabled in BIOS
  • At least 4GB of RAM (8GB recommended)
  • At least 1 GB of free disk space (SSD recommended)
  • At least 2 CPU cores (4 cores with hyperthreading recommended)

 

Quick start

  1. Install Windows 10 Pro or Enterprise, Insider build 18305 or newer
  2. Enable virtualization:
    • If you are using a physical machine, ensure virtualization capabilities are enabled in the BIOS.
    • If you are using a virtual machine, enable nested virtualization with this PowerShell cmdlet:
    • Set-VMProcessor -VMName <VMName> -ExposeVirtualizationExtensions $true
  3. Open Windows Features, and then select Windows Sandbox. Select OK to install Windows Sandbox. You might be asked to restart the computer.
  4. Optional Windows Features dlg.png
  5. Using the Start menu, find Windows Sandbox, run it and allow the elevation
  6. Copy an executable file from the host
  7. Paste the executable file in the window of Windows Sandbox (on the Windows desktop)
  8. Run the executable in the Windows Sandbox; if it is an installer go ahead and install it
  9. Run the application and use it as you normally do
  10. When you’re done experimenting, you can simply close the Windows Sandbox application. All sandbox content will be discarded and permanently deleted
  11. Confirm that the host does not have any of the modifications that you made in Windows Sandbox.

 Windows Sandbox Screenshot - open.jpg

 

Windows Sandbox respects the host diagnostic data settings. All other privacy settings are set to their default values.

 

Windows Sandbox internals

Since this is the Windows Kernel Internals blog, let’s go under the hood. Windows Sandbox builds on the technologies used within Windows Containers. Windows containers were designed to run in the cloud. We took that technology, added integration with Windows 10, and built features that make it more suitable to run on devices and laptops without requiring the full power of Windows Server.

 

Some of the key enhancements we have made include:

 

Dynamically generated Image

At its core Windows Sandbox is a lightweight virtual machine, so it needs an operating system image to boot from. One of the key enhancements we have made for Windows Sandbox is the ability to use a copy of the Windows 10 installed on your computer, instead of downloading a new VHD image as you would have to do with an ordinary virtual machine.

 

We want to always present a clean environment, but the challenge is that some operating system files can change. Our solution is to construct what we refer to as “dynamic base image”: an operating system image that has clean copies of files that can change, but links to files that cannot change that are in the Windows image that already exists on the host. The majority of the files are links (immutable files) and that's why the small size (~100MB) for a full operating system. We call this instance the “base image” for Windows Sandbox, using Windows Container parlance.

 

When Windows Sandbox is not installed, we keep the dynamic base image in a compressed package which is only 25MB. When installed the dynamic base package it occupies about 100MB disk space.

 Dynamic Image.PNG

Smart memory management

Memory management is another area where we have integrated with the Windows Kernel. Microsoft’s hypervisor allows a single physical machine to be carved up into multiple virtual machines which share the same physical hardware. While that approach works well for traditional server workloads, it isn't as well suited to running devices with more limited resources. We designed Windows Sandbox in such a way that the host can reclaim memory from the Sandbox if needed.

 

Additionally, since Windows Sandbox is basically running the same operating system image as the host we also allow Windows sandbox to use the same physical memory pages as the host for operating system binaries via a technology we refer to as “direct map”. In other words, the same executable pages of ntdll, are mapped into the sandbox as that on the host. We take care to ensure this done in a secure manner and no secrets are shared. 

 Direct Map.PNG

Integrated kernel scheduler

With ordinary virtual machines, Microsoft’s hypervisor controls the scheduling of the virtual processors running in the VMs. However, for Windows Sandbox we use a new technology called “integrated scheduler” which allows the host to decide when the sandbox runs. 

 

For Windows Sandbox we employ a unique scheduling policy that allows the virtual processors of the sandbox to be scheduled in the same way as threads would be scheduled for a process. High-priority tasks on the host can preempt less important work in the sandbox. The benefit of using the integrated scheduler is that the host manages Windows Sandbox as a process rather than a virtual machine which results in a much more responsive host, similar to Linux KVM.

 

The whole goal here is to treat the Sandbox like an app but with the security guarantees of a Virtual Machine. 

 

Snapshot and clone

As stated above, Windows Sandbox uses Microsoft’s hypervisor. We're essentially running another copy of Windows which needs to be booted and this can take some time. So rather than paying the full cost of booting the sandbox operating system every time we start Windows Sandbox, we use two other technologies; “snapshot” and “clone.”

 

Snapshot allows us to boot the sandbox environment once and preserve the memory, CPU, and device state to disk. Then we can restore the sandbox environment from disk and put it in the memory rather than booting it, when we need a new instance of Windows Sandbox. This significantly improves the start time of Windows Sandbox. 

 

Graphics virtualization

Hardware accelerated rendering is key to a smooth and responsive user experience, especially for graphics-intense or media-heavy use cases. However, virtual machines are isolated from their hosts and unable to access advanced devices like GPUs. The role of graphics virtualization technologies, therefore, is to bridge this gap and provide hardware acceleration in virtualized environments; e.g. Microsoft RemoteFX.

 

More recently, Microsoft has worked with our graphics ecosystem partners to integrate modern graphics virtualization capabilities directly into DirectX and WDDM, the driver model used by display drivers on Windows.

 

At a high level, this form of graphics virtualization works as follows:

  • Apps running in a Hyper-V VM use graphics APIs as normal.
  • Graphics components in the VM, which have been enlightened to support virtualization, coordinate across the VM boundary with the host to execute graphics workloads.
  • The host allocates and schedules graphics resources among apps in the VM alongside the apps running natively. Conceptually they behave as one pool of graphics clients.

This process is illustrated below:

 

GPU virtualization for Sandbox - diagram.png 

 

This enables the Windows Sandbox VM to benefit from hardware accelerated rendering, with Windows dynamically allocating graphics resources where they are needed across the host and guest. The result is improved performance and responsiveness for apps running in Windows Sandbox, as well as improved battery life for graphics-heavy use cases.

 

To take advantage of these benefits, you’ll need a system with a compatible GPU and graphics drivers (WDDM 2.5 or newer). Incompatible systems will render apps in Windows Sandbox with Microsoft’s CPU-based rendering technology.

 

Battery pass-through

Windows Sandbox is also aware of the host’s battery state, which allows it to optimize power consumption. This is critical for a technology that will be used on laptops, where not wasting battery is important to the user.

 

Filing bugs and suggestions

As with any new technology, there may be bugs. Please file them so that we can continually improve this feature. 

 

File bugs and suggestions at Windows Sandbox's Feedback Hub (select Add new feedback), or follows these steps:

  1. Open the Feedback Hub
  2. Select Report a problem or Suggest a feature.
  3. Fill in the Summarize your feedback and Explain in more details boxes with a detailed description of the issue or suggestion.
  4. Select an appropriate category and subcategory by using the dropdown menus. There is a dedicated option in Feedback Hub to file "Windows Sandbox" bugs and feedback. It is located under "Security and Privacy" subcategory "Windows Sandbox".
  5. Feedback Hub.png
  6. Select Next 
  7. If necessary, you can collect traces for the issue as follows: Select the Recreate my problem tile, then select Start capture, reproduce the issue, and then select Stop capture.
  8. Attach any relevant screenshots or files for the problem.
  9. Submit

Conclusion

We look forward to you using this feature and receiving your feedback!

 

Cheers, 

Hari Pulapaka, Margarit Chenchev, Erick Smith, & Paul Bozzay

(Windows Sandbox team)

317 Comments
Copper Contributor

I enable Windows Sandbox on my Windows 10 Enterprise, 1903.It makes an error code E_FAIL (0x80004005) so that I can't start a virtual machine. Here is the detail:
Call to WHvSetupPartition failed: ERROR_SUCCESS (Last=0xc000000d/87) (VERR_NEM_VM_CREATE_FAILED).

Copper Contributor

@MasterMysterious do you know if the new sandbox will have the same hardware signature every time? Or will it be unique every time it launches?

Brass Contributor

@Dan203It depends on how you generate your signature, but Windows Sandbox does not try to hide the fact that it is a sandbox. Still, if you did read my previous comment, you now know that I do not investigate what I consider a "failed enterprise" deeply.

Copper Contributor

@MasterMysterious I was thinking about using the hardware signature for an online activation. We currently have an online activation process in place for registered users, but don’t use it for trial keys. We could implement it for trials as well to prevent abuse via the sandbox. I believe it uses a standard Windows API to get the hardware signature. (not my area of the code, so don’t know exactly) But it's only going to work if the hardware key from the sandbox is the same every time. 

Copper Contributor

Anyone know if there is a GPO for this? I can disable it via powershell but users can just reenable the feature. 

Copper Contributor

I used to make a vm every time I wanted to test something and when I heard from the sandbox I was very happy but when I tried to install a program that needed a reboot it didn't work

 

#sandbox #restart 

Deleted
Not applicable

Can anyone tell me, what is the default password of Windows Sandbox.

Copper Contributor

Unable to test software deployment due to no .net 3.5 integration and Windows Features is blank and won't allow me to test my test deployment.

Copper Contributor
@Dan203 It totally depends on what information your software combines to create a "machine ID" since there is no such standard thing in Windows. A common value that is used is the GUID at Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography and I found this to be the stable over time in Sandbox from run to run. This is one of those cases where rolling your own is probably not worth the trouble, just license some proven licensing scheme and use it. You seemed surprised at the concept that Sandbox would allow someone to use your trial over and over, but if that were true then any Virtual Machine could have been used to do the same thing up to now (even better since with a virtual machine you can install all the stuff you need once and then refresh the VM only when your trial runs out. In other words this problem might be new to you, but it's not new at all. Good luck.
Copper Contributor
@Deleted "abc123" appears to be the default password for the Sandbox admin user.
Copper Contributor
@marc-desforges_68 I was going to suggest that you mount the Windows 10 ISO to the Sandbox, but turns out there's no way to do that. Here is a list of things that I tried that failed:
  1. Mount an ISO before the Sandbox then use MappedFolder to map that ISO into the Sandbox (get confusing error when launching Sandbox).
  2. Mount the root of any drive (get confusing error when launching Sandbox).
  3. Mount a path containing an ISO then mount it in the Sandbox (refuses to mount the ISO).
  4. Copy the ISO file to drive C: and then mount it (refuses to mount the ISO).
  5. Do all the above with a tiny ISO (thinking that size might be the problem), nope.
  6. Mount two paths that end in folders with the same name (throws error, file already exists).
So, no I don't see a way to do this.
Copper Contributor

@Omnius 

 

The software that I wrote requires .net 3.5 to be installed as it ties in with another application that also requires .net 3.5 to work.

I get the following error when I try to install .net 3.5.

 

Annotation 2019-05-28 220758.png

 

Windows Sandbox does not give me the option to load any Windows Features including .net 3.5.. 

 

Annotation 2019-05-28 220435.png

 

Tried everything, but no luck even after looking up windows support site.. 

Copper Contributor

Just upgraded to Win10 1903 and enabled Windows Sandbox without a problem. However, on launch, it immediately errors out with:

Windows Sandbox failed to start.

Error 0x80070013. The media is write protected.

 

I ran the application with "Run as Admin" but no difference. I cannot get any information as to what "media" it is referring to; my system is fully BitLocker encrypted.

 

When looking at the Event Viewer > System log I see an Event ID 51 logged 3 separate times in succession with the error "An error was detected on device \Device\Harddisk1\DR4 during a paging operation."

Brass Contributor

Thank you for this great technology, it is really going to speed up testing dodgy links. I'm curious how the networking works. It appears to create a new network for the Sandbox but I've never seen this feature in Hyper-V.

Copper Contributor

Great idea!

 

It would be useful for me to have exact copy of the current Windows environment, not just clean Windows - to deal with a different network inside the sandbox. Or at least to pass over selected files and applications. I hope this feature will be added.

Copper Contributor

@marc-desforges_68 I also attempted to test a software deployment using Windows Sandbox, because it seems like a convenient way to test an installer.  My software runs alongside SQL Server Express, but I found that SQL Server Express won't install on Windows Sandbox.  It seems like the full .NET Framework is not available in Windows Sandbox.

  caspol.png

Copper Contributor

So I have done further testing as I believe the issue is with BitLocker being enabled before the Sandbox feature is enabled. All machines are physical systems.

 

Test 1 - Disable BitLocker on an existing machine. Sandbox error about "media being write protected" persists.

Test 2 - Clean install of machine, off domain. Sandbox works.

Test 3 - Join clean install to domain. Sandbox still works.

Test 4 - Enable BitLocker on newly domain-joined system. Sandbox still works.

Test 5 - Apply group policies as required by the OU placement. Sandbox still works.

 

It appears that enabling the Sandbox feature on a system that had BitLocker enabled before is the key culprit with the "media is write protected" error. Anyone else having this problem yet? I haven't found any update from MS on this issue and the recent CU didn't fix it.

Brass Contributor

^ Well, that's terrible. BitLocker is deployed pretty much everywhere.

Copper Contributor

Is it possible to run a HV inside a Windows 10 Sandbox VM? Thus, does it support nested virtualization? Is this on the road map?

Copper Contributor
Internet doesn't to work when using a VPN, any ideas on the matter?
Copper Contributor
@f1ben it seems that something is broken, when I try to run an application needing the .net 4.7.3 it says its missing and when I try to install it I get an error saying that new or equal version is already installed.
Copper Contributor
.NET errors have to do with the KB4495620 update try uninstalling the update on admin cmd with wusa /uninstall /kb:4495620 unfortunately did not work for me, since it wont let me uninstall but other people are reporting this fix as working @f1ben
Copper Contributor

Hello,
I had a Question:
Can i select some stantard Programms in the Sandbox ?
Like some E-Mail Programm or Google Chrome / Firefox and other ??
Or can i do this with other Programms ^^
Thanks for request :)
(Sry for my bad english)  Had a nice day !

Copper Contributor

I have a machine in a domain an activated the feature. If Istart the sandbox I got the following error.

 

grafik.png

 

Copper Contributor

Thanks, @philberndt!  I wasn't sure if you meant I should uninstall KB4495620 from the host or the Sandbox.  I found these instructions from Marcin indicating that it should be uninstalled from the host:

https://marcinotorowski.com/2019/06/05/windows-sandbox-unable-to-run-net-apps/

 

Unfortunately, Windows won't uninstall the update because it is "required".

Remove_KB4495620.png

Copper Contributor
@f1ben, Yeah it was on the host I followed these instructions http://borncity.com/win/2016/10/21/windows-updates-fehlende-deinstallation-erzwingen/ But to no avail, are you running win insiders? I was able to getting working on a non insiders machine.
Copper Contributor

@philberndt, I have been testing on a non-insiders machine.  On this system, I don't want to risk altering the .mum files, so I may test this on another system.

Copper Contributor
I can't connect to the internet from the Sandbox when I have a VPN with the VPN's provider DNS, if I switch from for example in my case PIA DNS (Private Internet Access) to my existing DNS it works.
Copper Contributor

Has anyone run into the issue that I am having? Unable to get Sandbox to run after enabling it on a system where BitLocker already exists?

Copper Contributor

@Margarit_Chenchev Is it possible to support multi-sandbox scenario? I am trying to use the sandbox as a fast boot VM. I am a release engineer whos responsible for making installer package. I make mistakes all the time and resulted in bad installer that would potentially break one's registry. 

 

So I always test it inside a VM to make sure everything is good before I give it out to our QA testers. I need to test out the server installer + client installer and make sure the installed product works. In such case I would need two sandboxes running side by side but Windows Sandbox doesnt support such scenario. IMO being able to run at least two sandbox at once is pretty desired for server code testing. 

 

P.S. if the limitation is due to license problem can we get an option in the config file to specify the license key that we want to use for that VM?

Copper Contributor

Windows Sandbox非常便利的功能,但是美中不足是不能自定義Sandbox的硬體配置,強制的只有40G硬盤空間 跟4G RAM,無法測試運行大型檔案,根本無法安裝進Sandbox,這樣就毫無意義了,希望增加一個Sandbox設定應用讓使用者可以調整分配硬盤空間/RAM多寡等選擇

@Steven1120  Thanks for using Windows Sandbox!

 

Our current ability to handle Windows Sandbox licenses is limited. Specifying a license in the config file is one approach but there are use-cases in which this approach may not be the most desired/optimal one.

 

In your scenario, is it acceptable to install and test the client and the server in the same Windows Sandbox instance?

Copper Contributor

@Margarit_Chenchev not really. first there are some conflicts between the two's components which I can't install both package on the same machine. second it is doesnt make much sense to test server/client program on the same machine. Is it possible to make something like a key pool which we can assign dedicated keys for sandbox? MSDN subscription comes with more keys than we can ever use and this seems like a good place to burn some of them. 

Copper Contributor

Hi! I am a newbie here. I have notices that when I ran sandbox it created its own IP address <192.XXX.XXX.XXX>. Is there a way that it would connect to our server using our own IP? I'm sorry I haven't scrolled down all posts since it has so many already. Thank you Smiley Happy

Copper Contributor

How can we pass the CD/DVD drive to sandbox? I know how to do folders, but I need to pass the physical drive to sandbox as a physical cd drive as drive D:\

Copper Contributor

Apps not working in sandbox

 

Please fix it

 

Capture.PNG

Copper Contributor
On start sandbox shows me the following: --------------------------- --------------------------- The connection to the sandbox was lost. Error 0x80072746. Удаленный хост принудительно разорвал существующее подключение. Would you like to submit feedback about this issue? --------------------------- Да Нет ---------------------------
Copper Contributor
A much needed feature. Thanks MS!
Copper Contributor

Hi.  I installed Windows Sandbox.  I can't install any windows features and I also can't run any of my applications which I believe is due to .net issues. I get errors during the setup.exe process.  Error is  1935 an error occurred during the installation of assembly component.  I see references above to others having similar issue.  I am running the Sandbox as Administrator.  The only reason I wanted to use Sandbox was to testing running these apps so I can't use it until that is addressed. 

Copper Contributor
while this come to home edetion?
Copper Contributor
Great news, guys. One says that Sandbox isn't working on top of most OS localizations. Mine is ru-RU.
Copper Contributor

Is there a github repo to report issues that's public facing?

@virzak  Thanks for using Windows Sandbox! Currently we do not have a github repo. You can use Feedback Hub to report issues and make suggestions. With Feedback Hub you can also see and upvote feedback from other users.

Copper Contributor

This Sandbox is very interesting, but without possibility to persist changes to virtual machine it is not nearly as useful as it could be.

 

It could become much more useful if option is added to keep machine state after restart, something like <GuestFolder>c:\somewhere</GuestFolder> , and if present then Windows Sandbox would start from files in that folder( if they do not exists it create working files there like it normally do now ) , and on shutdown if option was present then Windows Sandbox would not delete those files.  

 

Someone could argue that we could use Hyper_V  virtual machine if we want changes to persist on restart, but Windows Sandbox have two very important advantages currently:

- light disk footprint  :  it reuse OS files from host

- much better GPU performance:  graphic virtualization on Sandbox allows it to have less than half performance of host GPU on benchmarks I tried (55%), while standard Hyper-V can not even run those 3D benchmarks. Comparatively, VMWare workstation can run those benchmarks , but five times slower than host GPU (18%). 

 

Hopefully, in future,  there will be an option to persist changes across VM restarts.  

Brass Contributor

Hi team. Since this great detailed article there has been almost silence in this blog. I'm eager to hear more about innovations in windows internals (and I bet many others are!). Also, I'm curious to know if GPU virtualization support for regular Hyper-V VMs has got any further (@rickman_MSFT  mentioned that the team was considering this) and if there is a hope to see this in the fall (September?) update? Thanks!

@gmnenad  Thanks for using Windows Sandbox!

 

Adding full persistency support comes with a lot of challenges especially around servicing. The config file can be used to script a scenario to some extent, but it will still take some time for these steps to execute when Windows Sandbox starts.

We understand that the lack of reboot support is a big limiting factor. We are currently evaluating different approaches.

Copper Contributor

My computer runs on Windows 10 Pro, Version 1903, System Build 18362.356 

The oryginały Windows was purchased in USA, just now I am in Poland, so display is in Polish language.

I want to use Windows Sandbox (in Polish Piaskownica). However, in the Windows features the Sandbox is grey. No activations available.

Why? How I can get the Sandbox?

Funkcje Systemu Windows.jpgSpecyfikacja systemu.jpg

Can we have Windows Sandbox guest OS activated? there are some things that require activated Windows to be tested.

I think if the host OS is activated, the gust OS inside Sandbox should be activated as well.

@Wijaki 

Hi,

Check if virtualization is disabled in here

windows-10-sandbox-greyed-out-2

 

if it is then you need to turn on these options:

 

they can be inside Windows or in your BIOS/UEFI

  • Hyper-V: Enabled
  • Data Execution Prevention: Enabled
  • Virtualization Technology (VTX): Enabled
  • VM Monitor Mode Extensions: Yes
  • Second Level Address Translation (VT-d or RVI): Enabled

@philberndt 

Hi,

had the same problem on Windows 10 1903 with VPNs. connecting host to a VPN, PPTP, would disable Internet in Sandbox.

but i'm on Windows insider build 18999 now (20H1) and it's been fixed for a few months now, so hopefully you'll see the change in the future Windows 10 stable build :)

Version history
Last update:
‎Dec 12 2022 11:07 AM
Updated by: