Very practical feature, some tests can be run in the sandbox without damaging the host, no need to configure a virtual machine.
Windows Sandbox provides a lightweight desktop environment where applications can run safely in an isolated state. Software installed in the Windows Sandbox environment remains in a "sandbox" state and runs separately from the host.
The sandbox is temporary. When closed, the system will delete all software, files, and states. Each time the application is opened, a brand new instance of the sandbox is obtained. However, please note that starting from Windows 11 Insider Preview Build 22509, data will be preserved through a restart initiated from within the virtualized environment, which is useful for installing applications that require a restart of the operating system.
Software and applications installed on the host do not appear directly in the sandbox. If a specific application needs to be run in the Windows Sandbox environment, the corresponding application must be installed within the sandbox environment.
Windows Sandbox has the following attributes:
- Component of Windows: Everything required for this feature is included in Windows 10 Pro and Enterprise editions. No need to download VHD.
- Native: Each time Windows Sandbox runs, it is clean like a freshly installed Windows.
- Disposable: No content is retained on the device. When the user closes the application, the system discards all content.
- Secure: Kernel isolation using hardware-based virtualization. It relies on Microsoft's hypervisor to run a separate kernel that isolates Windows Sandbox from the host.
- Efficient: Integrated kernel scheduler, intelligent memory management, and virtual GPU.
Important
Windows Sandbox enables network connectivity by default. You can disable it using a sandbox configuration file Windows Sandbox configuration file.
Windows Versions and Licensing Requirements#
The following table lists the Windows versions that support Windows Sandbox:
Windows 10 Pro | Windows 10 Enterprise | Windows 10 Pro Education/SE | Windows 10 Education |
---|---|---|---|
Yes | Yes | Yes | Yes |
Windows Sandbox licensing rights are granted by the following licenses:
Windows 10 Pro/Pro Education/SE | Windows 10 Enterprise E3 | Windows 10 Enterprise E5 | Windows 10 Education A3 | Windows 10 Education A5 |
---|---|---|---|---|
Yes | Yes | Yes | Yes | Yes |
For more information about Windows licensing, see Windows Licensing Overview.
Prerequisites#
- ARM64 (for Windows 11 version 22H2 and later) or AMD64 architecture for ARM64.
- Virtualization feature enabled in BIOS.
- At least 4GB of memory (8GB recommended).
- At least 1GB of available disk space (SSD recommended).
- Hyperthreading recommended (at least two CPU cores).
Note
Windows Home edition currently does not support Windows Sandbox.
Installation#
-
Make sure your computer is running Windows 10 Pro or Enterprise edition with build number 18305 or Windows 11.
-
Enable virtualization feature in your computer.
-
If you are using a physical computer, make sure virtualization feature is enabled in BIOS.
-
If you are using a virtual machine, run the following PowerShell command to enable nested virtualization feature:
PowerShell codeSet-VMProcessor -VMName <VMName> -ExposeVirtualizationExtensions $true
-
-
Use the search bar on the taskbar and type Turn Windows features on or off to access the Windows Optional Features tool. Select "Windows Sandbox" and click "OK". If prompted to restart your computer, do so.
If the "Windows Sandbox" option is not available, it means your computer does not meet the requirements to run Windows Sandbox. If you believe this analysis is incorrect, please review the prerequisites list and steps 1 and 2.
NoteTo enable Sandbox using PowerShell, open PowerShell as an administrator and run the following command:
PowerShell code
Enable-WindowsOptionalFeature -FeatureName "Containers-DisposableClientVM" -All -Online
-
Find and select "Windows Sandbox" from the Start menu to run it for the first time.
NoteWindows Sandbox does not follow the mouse settings of the host system, so if the host system is set to use the left-handed mouse, you must manually apply these settings in Windows Sandbox when it starts. Alternatively, you can run a login command using a sandbox configuration file to swap the mouse settings. For an example, see Example 3.
Usage#
- Copy an executable file (and any other files required to run the application) from the host and paste them into the "Windows Sandbox" window.
- Run the executable file or installer in the sandbox.
- After completing the experiment, close the sandbox. A dialog box will appear asking if you want to discard and permanently delete all sandbox content. Select "OK".
- Confirm that the host does not display any modifications made in Windows Sandbox.