Windows Sandbox: A secure sandbox environment

The Windows Sandbox is a secure virtual operating system environment that runs on the main system to run and test programs, applications, and files of unknown or potentially dangerous origin. Starting with Windows 10 version 1903, Windows Sandbox became available for users working on computers running older versions of the OS in Professional (Windows 10 Pro), Corporate (Windows 10 Enterprise) and Educational (Windows 10 Education) editions of the system.

Quite often, users have to install or run various programs on the computer, including previously unknown programs. In some cases, it is impossible to predict the consequences in advance due to what the launched application can do: change system settings, infect with a virus, etc.

It is necessary to protect your PC from the occurrence of such problems: put a barrier to malicious and potentially dangerous software. The user can use several methods to help isolate programs or restore system states:

  • virtual machine;
  • a program for isolated launch of other applications;
  • program to “freeze” the system.

Using a special program, a virtual machine is created , on which a guest OS is installed, isolated from the host (main) system. Inside the virtual machine, you can safely run various files and programs.

The Sandboxie program creates a “sandbox” (isolated environment) on your computer, inside which you can install or test programs without affecting Windows.

A Windows freezing program, such as Toolwiz Time Freeze , saves the state of the system at the time the OS was started. After completion of work on the PC, the system returns to its original state, all changes are canceled.

Windows 10, Windows 8.1, Windows 8 have a built-in Hyper-V virtual machine – a hypervisor for installing guest operating systems in which you can test unfamiliar software.

Windows 10 has a new system component – the Sandbox, which I will discuss in the instructions in this article.

Sandbox for Windows 10

Sandbox Windows 10 allows you to run applications in a temporary secure environment, isolated from the main operating system. On the computer, a “clean” version of Windows 10 is launched in a separate window. After running suspicious files or unfamiliar programs in the “sandbox”, your computer will not be dangerous for viruses, and there will be no changes in system settings.

Running in the Windows Sandbox takes place in a kind of container, isolated from the main operating system. All changes made inside Windows Sandbox do not affect the host system in any way, are temporary and are deleted forever after the application is closed.

In essence, Windows Sandbox is a lightweight virtual machine that isolates the work environment from the sandbox, providing complete security for the main system.

Key features of the built-in Windows Sandbox:

  • Starting the system from a clean fox – inside the Sandbox, a “clean” Windows OS is launched, in the state of the system, which happens immediately after installation.
  • Destruction of traces – after closing the Sandbox, all files and installed applications inside the Windows Sandbox are deleted.
  • Security – to run Windows inside the Sandbox, a separate OS kernel is used, isolated from the main system.

The virtual OS is dynamically generated based on real Windows and takes up little space on the computer’s disk.

Please note that when using the Windows Sandbox and Hyper-V, VMware virtual machines will not start, due to the Windows User Account Protection settings settings. Running third-party virtual machines will become possible only after disabling and removing these system components.

We figured out what Windows Sandbox is, now the question arises of how to run this system component on a computer.

Windows Sandbox System Requirements

To comfortably use Windows Sandbox in Windows 10, your computer must meet certain system requirements:

  • Windows 10 Pro, Windows 10 Enterprise, Windows 10 Education, version 1903 and later.
  • 64-bit processor support.
  • Virtualization must be enabled in the BIOS or UEFI.
  • At least 4 GB of RAM (8 GB recommended).
  • At least 1 GB of free disk space (SSD is recommended).
  • Dual-core processor (quad-core with Hyper-threading support recommended).

It is possible to run the Windows Sandbox from a virtual machine. Enable CPU virtualization in the settings of a virtual machine created in VMware or VirtualBox. To enable virtualization in Hyper-V, run the following command in Windows PowerShell from within the virtual machine:

Set-VMProcessor -VMName {VMName} -ExposeVirtualizationExtensions $true

On a physical PC, check if virtualization is enabled on this device:

  1. Right-click on the Taskbar, select “Task Manager” from the context menu.
  2. In the Task Manager window, open the Performance tab.
  3. In the Central Processing Unit (CPU) settings, look for the “Virtualization” option.

If virtualization is disabled, go to the BIOS or UEFI settings to enable this setting. If you get error 0x80070002 when you turn on Windows Sandbox, install update KB4512941.

How to enable the Sandbox in Windows 10 – 1 way

Now we need to figure out how to enable Windows Sandbox in Windows 10. The free Windows 10 Sandbox is included in the components of the operating system.

You will need to enter Windows Components, to do this, follow these steps:

  1. Press the “Win” + “R” keys.
  2. In the “Run” dialog box, type the command “optionalfeatures” (without quotes), press “Enter”.
  3. In the “Turn Windows features on or off” window, check the box next to “Windows Sandbox”.
  4. Click on the “OK” button.
  5. The search for the required files will begin, and then the changes will be applied.
  6. Restart your computer to complete the installation of the component.

How to enable Windows Sandbox in Windows 10 – Method 2

You can enable the Windows Sandbox using Windows PowerShell:

  1. Right-click on the Start menu, click on “Windows PowerShell (Admin)”.
  2. In the “Windows PowerShell” window, type the command, and then press the “Enter” key:
Enable-WindowsOptionalFeature –FeatureName "Containers-DisposableClientVM" -All -Online
  1. After the command is completed, press the “Y” key, then “Enter”, after which the system will reboot.

Enabling the Windows 10 Sandbox on the Command Prompt – Method 3

We will now enable the Windows Sandbox component from the command line.

  1. Run command prompt as administrator.
  2. In the command line interpreter window, enter the command, and then press the “Enter” key:
Dism /online /Enable-Feature /FeatureName:"Containers-DisposableClientVM" -All
  1. At the end, a message will appear stating that the operation was completed successfully, press the “Y” key to restart the PC.

How to disable the Windows Sandbox

If necessary, the user can disable the Windows Sandbox in the system components.

1 way:

  1. Sign in to Windows Components.
  2. Uncheck the box next to Windows Sandbox.
  3. Restart your computer.

2 way:

  1. Run Windows PowerShell as an administrator.
  2. Run the command:
Disable-WindowsOptionalFeature –FeatureName "Containers-DisposableClientVM" -Online
  1. Wait for the disabling of functions to complete, in the dialog “Do you want to restart your computer now to complete this operation?” press the “Y” and “Enter” keys alternately, restart the PC.

3 way:

  1. Run command prompt as administrator.
  2. Run the command:
Dism /online /Disable-Feature /FeatureName:"Containers-DisposableClientVM"
  1. After completing the removal of the component, press the “Y” key to restart the computer.

How to install Sandbox in Windows 10 Home (Windows 10 Home)

Users of the Windows 10 Home edition were left out, as Microsoft felt that such functionality was not needed by ordinary users.

It is possible to install the Windows 10 Sandbox on Windows 10 Home (Windows 10 Home) 1903 and higher. Your PC must meet the system requirements for the application to work.

Follow these steps:

  1. Download the sandbox-installer.zip archive to your computer.
  2. Unpack the archive using the system tool or using a third-party archiver.
  3. Run the “Sandbox Installer.bat” file.
  4. A command prompt window will open to install the Windows Sandbox feature on a PC running Windows 10 Home.
  5. After finishing the package installation process, press the “Y” key when prompted, and then press “Enter” to restart the computer to apply the settings.

The Windows Sandbox will appear in Windows Components, which can be enabled in the home version of the system. Windows Sandbox will be based on Windows Home.

If the sandbox is no longer needed, disable the component in the operating system settings. Despite the installation, this component may not work in the home version of Windows.

Microsoft releases “big”, “major” updates to Windows 10 every six months. In fact, this is a reinstallation of the system by updating. As a result, Windows Sandbox features in Windows 10 Home will be disabled on the computer. Therefore, you will have to repeat the procedure for installing the Sandbox.

How to run the Windows Sandbox

The system component is installed on the PC, now I will talk about how to run Windows Sandbox on Windows 10.

  1. Enter the start menu.
  2. Find “Windows Sandbox” in the list of programs.
  3. Right-click on the application, first select “Advanced” and then “Run as administrator”.

The application logo appears on the desktop of the computer, and then the Windows Sandbox window opens.

Using the Windows Sandbox

Inside your OS, a “clean” Windows 10 is running on your desktop. The version of the system that runs in a virtual environment always corresponds to the Windows installed on the computer. By default, the applications included with the operating system are installed in the Sandbox.

Now, for testing, you can install the desired program by downloading the application from the Internet in the sandbox itself using a virtual system, or copy the file from the PC and then paste it into Windows Sandbox from the host system (main OS). Only one copy of the Windows Sandbox is running on a PC.

The Windows Sandbox app can be expanded to full screen. In the expanded window, in the upper part there is a panel for managing the isolated environment.

After closing the Windows Sandbox, all content will be permanently lost. A window will open on the screen with a warning about deleting all data without the possibility of recovery.

To create configuration files (WSB) of the Windows Sandbox, a free Windows Sandbox Editor program has been created, in which you can configure the component to work in a safe environment.

Article Conclusions

Windows 10, starting with version 1903, has a built-in system component – the Windows Sandbox, designed to run files in a secure environment of a virtual environment isolated from the main system installed on the computer. After enabling the component, the user will be able to safely run files and programs without risk to their computer. After the work is completed, all data inside the Sandbox is destroyed, without the possibility of recovery.

Leave a Reply

Your email address will not be published.