My first look at Windows Sandbox

Earlier this week, Windows Insiders who were part of the Fast Ring, got their first glimpse of an isolated desktop environment called Windows Sandbox.

Windows 10 Insider Preview Build 18305 contains this new capability that will allow users to test out applications, untrusted or otherwise, without the fear of it destroying their existing their existing desktop environment.

Through the magic of the Windows hypervisor (and some Windows Containers goodness), this isolated non-persistent environment looks just like a Windows 10 virtual machine with its own file system, registry, and network connectivity, but is walled off from your actual desktop protecting it from any rogue-ness that could otherwise render your installation unusable.

Enabling Windows Sandbox

Enable Windows Sandbox in Control Panel, All/Remove Windows Features.

If you’re on the Fast Ring and have upgraded to build 18305, then enabling Windows Sandbox is pretty simple. Navigate to Control Panel, Add/Remove Programs, Turn Windows features on or off, then in the list of Windows features, scroll down till you find Windows Sandbox and check the box next to it. Windows will do the necessary file configuration to enable the feature and will also trigger a reboot.

Starting Windows Sandbox for the first time

Windows Sandbox appears in the Start menu with the rest of your installed apps.

Once you’ve rebooted, Windows Sandbox shows up like any other application in your start menu. You can search for it and then click on it to start it. The initial launch can take longer on some machines depending on your hardware specs; my Surface Book with a Core i7 and 16 GB of RAM took less than 30 seconds to start the instance. According to Microsoft, that initial launch will take the longest; subsequent launches should be quicker…However, keep in mind, this is much like launching a VM so temper your expectations.

How did it work?

Noting that this is a early pre-release feature, I was somewhat impressed with how it worked and what the long term benefit could be. It has full network connectivity and runs just like your desktop, with a little bit of lag. Microsoft has mentioned that this release has a few issues with things like slow start menu response among others, but I’d expect things like that with this early release.

For basic application testing, this could be pretty useful, especially if you’re just wanting to run something without fear of compromising existing data or security. This would be the perfect solution if you’re concerned about any dodgy Internet downloads, or as a “sandbox” for code you’ve developed, which is how I intended it to use it.

Through the course of trying it out, I did find that my software firewall was blocking the network connection coming from the sandbox, but once I realized what was causing it, I was able to restore connectivity to the Internet for the sandbox.

Also, I wanted to test out some code that I developed for Microsoft Outlook, but wasn’t able to successfully install Office 365 in the sandbox through several attempts which just resulted in failure codes with the Office installer. I still haven’t resolved that, so I’ll wait for the next build. As a side note, the installer wouldn’t relaunch, so I tried to reboot the sandbox. A couple of things to note with that – The sandbox gave me a Windows Container error when I tried to reboot and I had to “end task” what I was doing from the host, and secondly, if I did reboot or relaunch the sandbox, because it is non-persistent, everything I would’ve configured would be gone anyway.

Wrap-up

Windows Sandbox is going to provide an easy way to test within Windows 10 without using a Hyper-V instance or 3rd party product like VMware Workstation. What’s left to be determined is how feasible the use of Sandbox is over a traditional hypervisor instance and if the features provided will stack up to the existing capabilities.

Additional reading