About the Windows Sandbox

Starting with the Windows 10 May 2019 Update, there is a new Windows Sandbox feature which, despite its name, is based on Windows Containers.

You’ll need Windows Pro or Enterprise Edition, Insider build 18305 or higher. I was on the release build 18362 at the time of writing. Alas, this feature is not available on Windows Home. Also, you’ll need nested virtualization enabled (probably in BIOS). If you meet these requirements, head over to Windows Features and check Windows Sandbox:

Windows Features - enabling Windows Sandbox
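
The same requirement checks and feature toggle can be scripted. The PowerShell below is an added example, not part of the original post; the optional-feature name `Containers-DisposableClientVM`, the registry-based edition check and the `$EnableIfReady` switch do not appear in the post and are this example's assumptions.

```powershell
# Added example: pre-flight check for Windows Sandbox. Run in an elevated PowerShell.
$MinBuild      = 18305                            # minimum build stated in the post
$FeatureName   = 'Containers-DisposableClientVM'  # optional-feature name of Windows Sandbox
$EnableIfReady = $false                           # hypothetical switch: set $true to enable

$os  = Get-CimInstance -ClassName Win32_OperatingSystem
$cs  = Get-CimInstance -ClassName Win32_ComputerSystem
$cpu = Get-CimInstance -ClassName Win32_Processor | Select-Object -First 1
$edition = (Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion').EditionID

# Assumption: Home editions report an EditionID starting with "Core";
# the post says Home is unsupported.
$editionOk = $edition -notmatch '^Core'
$buildOk   = [int]$os.BuildNumber -ge $MinBuild

# Once a hypervisor is running, VirtualizationFirmwareEnabled can read False,
# so HypervisorPresent is checked first.
$virtOk = $cs.HypervisorPresent -or $cpu.VirtualizationFirmwareEnabled

$feature = Get-WindowsOptionalFeature -Online -FeatureName $FeatureName -ErrorAction SilentlyContinue
$state   = if ($feature) { $feature.State } else { 'NotFound' }

[pscustomobject]@{
    Edition        = $edition
    EditionOk      = $editionOk
    Build          = $os.BuildNumber
    BuildOk        = $buildOk
    Virtualization = [bool]$virtOk
    FeatureState   = $state
} | Format-List

$ready = $editionOk -and $buildOk -and $virtOk -and $feature
if (-not $ready) {
    Write-Warning 'Requirements not met; Windows Sandbox cannot be enabled on this system.'
} elseif ($state -eq 'Enabled') {
    Write-Output 'Windows Sandbox is already enabled.'
} elseif ($EnableIfReady) {
    # Same effect as ticking the box in Windows Features; a reboot is still required.
    Enable-WindowsOptionalFeature -Online -FeatureName $FeatureName -All -NoRestart
} else {
    Write-Output "Ready. Set `$EnableIfReady = `$true to enable $FeatureName."
}
```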

For the Tech Inclined

The summary below is from this Microsoft Tech Community post.

The underlying container technology starts a new “snapshot” instance of Windows from a “dynamic base image” of Windows that “links” to the actual files on the Host. It shares memory and CPU resources via “direct map” to the Host memory pages and uses the Host’s “integrated (CPU) scheduler.” Plus there is “graphics virtualization” and “pass through” to access the Host’s GPU and battery status (and presumably other resources too). These make the container much lighter than a full VM, while (supposedly) being sufficiently isolated from the Host.

The Windows Sandbox is totally different conceptually from the macOS Sandbox. On macOS, the Sandbox isolates apps from critical OS functions via kernel-level access control. I’ve posted about how to configure the macOS sandbox to “lock down” apps before.

For Everybody Else

Here I’m running Edge and Edge Beta. Edge Beta uses the open-source Chromium engine used by Google Chrome and other browsers (not Safari, in case you are wondering).

Windows Sandbox - testing HTML5 with Edge and Edge Beta

Just know the bad:

  • You can’t deploy a different version of Windows or run other OS’s - use Hyper-V for that.
  • You can’t actually save the sandbox and all data is transient - once it’s closed, everything you did in the sandbox is gone.
  • On my version, it’s an unactivated version of Windows, so you can’t change many settings to test them.
  • Since most of the default Windows apps are not actually “installed”, you will get context menu errors and errors running applications like Store, Mail, and so on. In the screenshot below, the Start Menu icons are all blank and either don’t do anything or display error messages:

Windows sandbox - errors and non-functioning apps

And the good:

  • You can, however, copy and paste text, images and even files in and out of your Host OS.
  • Great for trying out apps, scripts, etc. fast!
  • And, when opened but doing nothing in the background, it uses less than 50 MB of RAM and zero CPU on my Host!