Microsoft unveils Windows Sandbox (lightweight virtual environment) feature: here is how it works

Microsoft has introduced a new lightweight virtual environment feature called “Windows Sandbox” that lets Windows admins run suspect software while keeping the main system safe from potential threats. Announcing the feature today with Windows 10 19H1 Preview build 18305, Microsoft explained in its blog post:

“Any software installed in Windows Sandbox stays only in the sandbox and cannot affect your host. Once Windows Sandbox is closed, all the software with all its files and state are permanently deleted,”

What is Windows Sandbox?

Windows Sandbox is a new virtualization feature that provides a safer way to run programs you don’t trust. When you run Windows Sandbox, the feature creates “an isolated, temporary desktop environment” in which to run an app, and once you’ve finished with it, the entire sandbox is deleted; everything else on your PC stays safe and separate. That means you don’t need to set up a virtual machine, but you must enable virtualization capabilities in the BIOS.

According to Microsoft, Windows Sandbox uses a new technology called “integrated scheduler,” which allows the host to decide when the sandbox runs, and it provides a temporary desktop environment where Windows admins can safely test untrusted software.

Windows Sandbox has the following properties:

  • Part of Windows – everything required for this feature ships with Windows 10 Pro and Enterprise. No need to download a VHD!
  • Pristine – every time Windows Sandbox runs, it’s as clean as a brand-new installation of Windows.
  • Disposable – nothing persists on the device; everything is discarded after you close the application.
  • Secure – uses hardware-based virtualization for kernel isolation, which relies on Microsoft’s hypervisor to run a separate kernel that isolates Windows Sandbox from the host.
  • Efficient – uses integrated kernel scheduler, smart memory management, and virtual GPU.

How to Enable Windows Sandbox on Windows 10

The Windows Sandbox feature is only available to users running Windows 10 Pro or Enterprise editions, build 18305 or newer. Here are the prerequisites for using the feature:

  • Windows 10 Pro or Enterprise Insider build 18305 or later
  • AMD64 architecture
  • Virtualization capabilities enabled in BIOS
  • At least 4GB of RAM (8GB recommended)
  • At least 1 GB of free disk space (SSD recommended)
  • At least 2 CPU cores (4 cores with hyperthreading recommended)

Enable Virtualization Capabilities on BIOS

  1. Power on the machine and open the BIOS (press the Del key).
  2. Open the Processor submenu. The processor settings/configuration menu may be hidden in the Chipset, Advanced CPU Configuration, or Northbridge.
  3. Enable Intel Virtualization Technology (also known as Intel VT) or AMD-V depending on the brand of the processor.
  4. If you are using a virtual machine, enable nested virtualization with this PowerShell cmdlet:

Set-VMProcessor -VMName <VMName> -ExposeVirtualizationExtensions $true

Enable Windows Sandbox Feature

Now we need to enable Windows Sandbox from Windows Features. To do this, open Windows Features from the Start menu search.

  1. In the Turn Windows Features on or off box, scroll down and check the option next to Windows Sandbox.
  2. Click OK to allow Windows 10 to enable the Windows Sandbox feature for you.
  3. This will take a few minutes; after that, restart Windows to apply the changes.
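
The prerequisite list and the enable steps above can also be checked from PowerShell. The script below is an added example, not code from Microsoft's post or from this article; the optional feature name Containers-DisposableClientVM comes from Microsoft's documentation rather than this page, and the -Enable switch is this example's own parameter.

```powershell
# Added example: checks the prerequisites listed in this article, then
# optionally enables Windows Sandbox. Run elevated when using -Enable.
param([switch]$Enable)   # -Enable is this example's own switch

$os    = Get-CimInstance Win32_OperatingSystem
$cs    = Get-CimInstance Win32_ComputerSystem
$cpus  = @(Get-CimInstance Win32_Processor)
$disk  = Get-CimInstance Win32_LogicalDisk -Filter "DeviceID='$($env:SystemDrive)'"
$cores = ($cpus | Measure-Object -Property NumberOfCores -Sum).Sum

# With a hypervisor already running, VirtualizationFirmwareEnabled can read
# False, so HypervisorPresent is accepted as evidence that VT-x/AMD-V is on.
$virt = [bool]($cpus[0].VirtualizationFirmwareEnabled -or $cs.HypervisorPresent)

$checks = [ordered]@{
    'Edition is Pro or Enterprise' = $os.Caption -match '\b(Pro|Enterprise)\b'
    'Build 18305 or later'         = [int]$os.BuildNumber -ge 18305
    # Reads x86 from a 32-bit PowerShell host; run this in 64-bit PowerShell.
    'AMD64 architecture'           = $env:PROCESSOR_ARCHITECTURE -eq 'AMD64'
    'Virtualization enabled'       = $virt
    # TotalPhysicalMemory excludes reserved memory, so round to whole GB.
    'At least 4 GB RAM'            = [math]::Round($cs.TotalPhysicalMemory / 1GB) -ge 4
    'At least 1 GB free disk'      = $disk.FreeSpace -ge 1GB
    'At least 2 CPU cores'         = $cores -ge 2
}

# Print one line per prerequisite.
$checks.GetEnumerator() | ForEach-Object {
    '{0,-30} {1}' -f $_.Key, $(if ($_.Value) { 'OK' } else { 'FAIL' })
}
$ready = @($checks.Values) -notcontains $false

if ($Enable -and $ready) {
    # Same effect as ticking Windows Sandbox in "Turn Windows features on or off".
    Enable-WindowsOptionalFeature -Online -FeatureName 'Containers-DisposableClientVM' -All -NoRestart
    'Feature enabled; restart Windows to apply the change.'
} elseif ($Enable) {
    'Prerequisites not met; feature left unchanged.'
}
```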

Use Windows Sandbox Feature (Install App inside Sandbox)

  • To create and use a Windows Sandbox environment, open the Start menu, type Windows Sandbox and select the top result.

Sandbox is a fully featured version of Windows, so its first run will boot Windows as normal. To avoid booting each time, Windows Sandbox creates a snapshot of the virtual machine’s state after its first boot. This snapshot is then used for all subsequent launches in order to skip the boot process and substantially decrease the time it takes for the Sandbox to become available.

  • Now copy an executable file from the host
  • Paste the executable file in the window of Windows Sandbox (on the Windows desktop)
  • Run the executable in the Windows Sandbox; if it is an installer go ahead and install it
  • Run the application and use it as you normally do

When you’re done experimenting, you can simply close the Windows Sandbox application, and all sandbox content will be discarded and permanently deleted.