Windows Sandbox to me is a light weight Windows 10 virtual machine that I can quickly start and stop and use to install and run programs. The Windows Sandbox provides a well defined, clean environment that is fresh every time it is started. Inside the Sandbox, I can create an isolated environment for working through a tutorial or the labs in a workshop or for doing R&D to stuff I do not want (yet) in my regular Windows environment. One instance of the Sandbox can run at any one time.
The Sandbox has its own IP address. I can access applications running in the Sandbox over HTTP and vice versa (if I want to, I can define firewall rules to prevent this cross-boundary traffic). I can copy and paste files to and from the Sandbox. Additionally, I can configure mapped folders – folders from the Windows host to appear in the Sandbox. Apps in the Sandbox are run under the user account “WDAGUtilityAccount”. Hence, all folders are mapped under the following path: C:\Users\WDAGUtilityAccount\Desktop.
Windows Sandbox is based on Hyper-V, but does not require users to activate the hypervisor themselves. It is not necessary to install a guest operating system in the VM either; rather, it is generated automatically from the binaries of the host OS (see this article on the Windows Sandbox).
Sandbox configurations (XML files with wsb extension) can be prepared and used to start a Sandbox from.
You can configure host directories – on the regular Windows environment – to be mapped into the Sandbox. You may also specify Startup Scripts- PowerShell scripts to execute when the Sandbox is started, that can prepare – configure, install – the sandbox for what you want to do to it. The Windows Sandbox Editor is a GUI tool to edit Sandbox configuration files.
Note: Windows Sandbox is introduced in Windows 1903 – installed yesterday on my laptop.
To Get Started Quickly
To use Windows Sandbox, the feature must be turned on:
The the usual steps:
followed by a System Reboot.
After the reboot completed, sure enough: Windows Sandbox has become available.
I run as Administrator (I am not sure it is required, but it is certainly recommended).
This Sandbox startup logo appeared for a few seconds
and then a fresh Windows desktop appeared. Inside my regular Windows desktop. A Windows virtual environment – fresh and clean as freshly fallen snow.
Some apps are available on this pristine environment – including the Edge browser and Powershell
Just for kicks, I opened Edge, browsed to Visual Studio Code and installed the latest version of VS Code – basically to see whether it works and works any differently from regular, outside-the-sandbox actions. And of course it feels quite the same:
(although I had to install the Server edition – because I am running the Sandbox as Admin it seems)
And Install it:
I am not sure what I was expecting – and of course nothing special happened:
VS Code running in the Sandbox. No big deal. Nice thing: it did not interfere, potentially mess with my regular environment. Not that VS Code is such a big threat, but it is the principal that matters.
The file system looks squeaky clean – mine never does apart from the first few minutes after I have collected my new laptop.
Then for more kicks I installed Node:
To find out if I can run a Node application that handles HTTP requests and send HTTP requests from outside the Sandbox. Turns out (spoiler alert) that I can.
Figured out the IP address for the Sandbox (just use IP Config; in blue is the Sandbox, in black the Windows host):
And accessed the Node application from a browser on the Windows host – so from outside the Windows Sandbox:
Close the Sandbox environment:
And press OK to be done with it.
Starting a new and fresh Sandbox takes just a few seconds.
Run a Sandbox with Host Folder Mapping and auto-installation of Software
Using a simple wsb file, taken from this article, I can configure a Sandbox – with a mapped folder from the Windows host and with a startup scripts to install Visual Studio Code.
The wsb file contains the following XML definition:
<Configuration> <MappedFolders> <MappedFolder> <HostFolder>C:\SandboxScripts</HostFolder> <ReadOnly>true</ReadOnly> </MappedFolder> <MappedFolder> <HostFolder>C:\CodingProjects</HostFolder> <ReadOnly>false</ReadOnly> </MappedFolder> </MappedFolders> <LogonCommand> <Command>C:\users\wdagutilityaccount\desktop\SandboxScripts\VSCodeInstall.cmd</Command> </LogonCommand> </Configuration>
This startup script lives in the directory c:\SandboxScripts on the Windows Host (that will be mapped to C:\users\wdagutilityaccount\desktop\SandboxScripts in the Sandbox):
REM Download VSCode curl -L "https://update.code.visualstudio.com/latest/win32-x64-user/stable" --output C:\users\WDAGUtilityAccount\Desktop\vscode.exe REM Install and run VSCode C:\users\WDAGUtilityAccount\Desktop\vscode.exe /verysilent /suppressmsgboxes
Starting the Sandbox by running the wsb script works well.
It takes about 5 seconds to start the Sandbox and one minute for the installation of VS Code to be complete. As an alternative, the installer could be available in the folder mapped to the Sandbox and executed from there. This brings down the time to get coding in VS Code to less than 10 seconds.
Configure Windows Sandbox options: Network, Shared Folders, Startup Scripts – https://4sysops.com/archives/configuring-windows-sandbox-network-mapped-folders-and-startup-scripts-using-a-free-gui-tool/
Disable Network traffic between Sandbox and Host: https://medium.com/@rootsecdev/windows-sandbox-9762291e1f54
Tips on using Windows Sandbox: https://www.digitaltrends.com/computing/how-to-use-windows-sandbox/
Utility to run EXE, PS1, MSI or ZIP file in Sandbox from context (right click) menu in File Explorer: http://www.systanddeploy.com/2019/06/run-file-in-windows-sandbox-from-right.html
More details and examples of preparing a WSB configuration file: https://www.tenforums.com/tutorials/143381-windows-sandbox-how-configure-windows-10-a.html