Windows Sandbox
Windows Sandbox
Hello, today I’m introducing a new feature: the sandbox!
The Windows Sandbox is a Windows 10 feature that allows you to run applications in an isolated, lightweight, and secure environment. If you’re like most Windows users, you might have installed a number of applications on your computer over the years. Some of these applications may be essential for your work or personal life, while others may be entertainment programs or maintenance utilities.
But what if you want to try out a new application without setting it up on your main computer? Or you want to run a risky application without damaging your system? That’s where Windows Sandbox comes into play.
Windows Sandbox provides a lightweight desktop environment to safely run applications in isolation. Software installed inside the Windows Sandbox environment stays “sandboxed” and runs separately from the host computer. This means software and applications installed on the host are not directly available in the sandbox. If you need specific applications in the Windows Sandbox environment, you must explicitly install them within the environment.
A sandbox is temporary. When closed, all software, files, and states are deleted. Each time you open the application, you get a fresh instance of the sandbox. Note, however, that starting with Windows 11 build 22509, your data is preserved through a restart initiated from the virtualized environment, which is useful for installing applications that require an OS restart.
Windows Sandbox has the following properties:
- Part of Windows: Everything required for this feature is included in Windows 10/11 Professional and Enterprise. No need to download a virtual hard disk.
- Pristine: Each time Windows Sandbox runs, it is as clean as a brand-new installation of Windows.
- Disposable: Nothing persists on the device. Everything is discarded when the user closes the application.
- Secure: Uses hardware-based virtualization for kernel isolation. It relies on the Microsoft hypervisor to run a separate kernel that isolates Windows Sandbox from the host.
- Efficient: Leverages integrated kernel scheduler, smart memory management, and virtual GPU.
Windows Sandbox is a convenient tool for Windows users who want to try new applications without compromising the security of their main computer. If you’re interested in using Windows Sandbox, make sure you have a version of Windows 10/11 Professional or Enterprise and follow your computer’s instructions to enable this feature. You can also check Microsoft’s documentation for more details on using Windows Sandbox.
Installation
To install and use Windows Sandbox on your computer, you need Windows 10 Professional or Enterprise, build version 18305, or Windows 11. You must also enable virtualization on your computer.
If you’re using a physical machine, you’ll need to enable virtualization features in the BIOS.
If you’re using a virtual machine, you can use the PowerShell command Set-VMProcessor -VMName <VMName> -ExposeVirtualizationExtensions $true to enable nested virtualization.
Next, use the Windows Optional Features tool to enable Windows Sandbox and restart your computer if necessary.
You can also use the PowerShell command below to enable Windows Sandbox:
Enable-WindowsOptionalFeature -FeatureName "Containers-DisposableClientVM" -All -Online
Usage
Once Windows Sandbox is installed, you can find and launch it from the Start menu. To use Windows Sandbox, copy an executable file (and any other files needed to run the application) from your host computer and paste them into the Windows Sandbox window. Run the executable or installer in the sandbox, then close the sandbox when you’re done. Note that Windows Sandbox does not use the host computer’s mouse settings, so if you use a right-handed mouse on your host, you’ll need to manually apply those settings in Windows Sandbox.
That’s it! I hope you find this useful. Enjoy!
