Tag: Windows Sandbox

Windows Sandbox

How to configure Windows Sandbox

With the latest release of Windows 10 (1903), Microsoft introduced a new feature called Windows Sandbox. Windows Sandbox is based on Hyper-V technology and allows you to spin up an isolated, temporary, desktop environment where you can run untrusted software. In this blog post, I will show you how you can set up and configure Windows Sandbox in Windows 10. I will also cover how you can do an advanced configuration of your Windows Sandbox using Windows Sandbox config files.

The sandbox is great for demos, troubleshooting or if you are dealing with malware. If you close the sandbox, all the software with all its files and state are permanently deleted. It is a Windows 10 virtual machines, with the advantage that it is built into Windows 10, so it leverages the existing OS, which gives you faster startup, less footprint, better efficiency, and easier handling, without losing security.

Dynamic Image

Source: Microsoft

Windows Sandbox is a lightweight virtual machine with an operating system. The significant advantage which makes it so small is the usage of existing files from the host, for data which cannot change. For the files which can change, it uses a dynamically generated image, which is only ~100MB in size.

There are much more exciting things happening with the Windows Sandbox like smart memory management, Integrated kernel scheduler, Snapshot and clone, Graphics virtualization and Battery pass-through. If you want to find out more about the Windows Sandbox, check out the official blog post.

Prerequisites

Windows Sandbox comes with a couple of requirements. How more powerful your machine is, the better the experience will be.

  • Windows 10 (1903) Pro or Enterprise build 18362 or later
  • 64-bit architecture
  • Virtualization capabilities enabled in BIOS
  • At least 4GB of RAM (8GB recommended)
  • 1GB of free disk space (SSD recommended)
  • 2 CPU cores (4 cores with hyperthreading recommended)


Windows Sandbox

Windows Sandbox – Isolated Windows Desktop

Today Microsoft announced a new feature called Windows Sandbox. Windows Sandbox is built based on Windows Container technology, which allows you to spin up an isolated, temporary, desktop environment where you can run untrusted software. The software you run and install in the Windows Sandbox does not affect the host. If you shut down the Windows Sandbox all changes and all software you installed in the Sandbox are gone again. This sounds very similar to the technology Windows Defender Application Guard already used to build a sandbox environment for Microsoft Edge.

Windows Sandbox Overview

Windows Sandbox

Windows Sandbox has the following properties:

  • Part of Windows – everything required for this feature ships with Windows 10 Pro and Enterprise. No need to download a VHD!
  • Pristine – every time Windows Sandbox runs, it’s as clean as a brand-new installation of Windows
  • Disposable – nothing persists on the device; everything is discarded after you close the application
  • Secure – uses hardware-based virtualization for kernel isolation, which relies on the Microsoft’s hypervisor to run a separate kernel which isolates Windows Sandbox from the host
  • Efficient – uses integrated kernel scheduler, smart memory management, and virtual GPU

Windows Sandbox brings the advantages of Windows Containers and also adds a desktop. If you compare this to a Windows 10 Virtual Machine, the Windows Sandbox will consume much fewer resources, it starts up match faster and will be much more efficient with hardware resources. You can think of it like a lightweight virtual machine, which can share the same hardware but also the same kernel and memory as the host system (like a container).