Windows Sandbox — light weight playground for R&D, tutorials and workshops

Windows Sandbox to me is a light weight Windows 10 virtual machine that I can quickly start and stop and use to install and run programs. The Windows Sandbox provides a well defined, clean environment that is fresh every time it is started. Inside the Sandbox, I can create an isolated environment for working through a tutorial or the labs in a workshop or for doing R&D to stuff I do not want (yet) in my regular Windows environment. One instance of the Sandbox can run at any one time.

Image for post
Image for post

The Sandbox has its own IP address. I can access applications running in the Sandbox over HTTP and vice versa (if I want to, I can define firewall rules to prevent this cross-boundary traffic). I can copy and paste files to and from the Sandbox. Additionally, I can configure mapped folders — folders from the Windows host to appear in the Sandbox. Apps in the Sandbox are run under the user account “WDAGUtilityAccount”. Hence, all folders are mapped under the following path: C:\Users\WDAGUtilityAccount\Desktop.

Windows Sandbox is based on Hyper-V, but does not require users to activate the hypervisor themselves. It is not necessary to install a guest operating system in the VM either; rather, it is generated automatically from the binaries of the host OS (see this article on the Windows Sandbox).

Sandbox configurations (XML files with wsb extension) can be prepared and used to start a Sandbox from.

Image for post
Image for post

You can configure host directories — on the regular Windows environment — to be mapped into the Sandbox. You may also specify Startup Scripts- PowerShell scripts to execute when the Sandbox is started, that can prepare — configure, install — the sandbox for what you want to do to it. The Windows Sandbox Editor is a GUI tool to edit Sandbox configuration files.

Note: Windows Sandbox is introduced in Windows 1903 — installed yesterday on my laptop.

To Get Started Quickly

To use Windows Sandbox, the feature must be turned on:

Image for post
Image for post

The the usual steps:

Image for post
Image for post

followed by

Image for post
Image for post

and

Image for post
Image for post

followed by a System Reboot.

After the reboot completed, sure enough: Windows Sandbox has become available.

Image for post
Image for post

I run as Administrator (I am not sure it is required, but it is certainly recommended).

This Sandbox startup logo appeared for a few seconds

Image for post
Image for post

and then a fresh Windows desktop appeared. Inside my regular Windows desktop. A Windows virtual environment — fresh and clean as freshly fallen snow.

Image for post
Image for post

Some apps are available on this pristine environment — including the Edge browser and Powershell

Image for post
Image for post

Just for kicks, I opened Edge, browsed to Visual Studio Code and installed the latest version of VS Code — basically to see whether it works and works any differently from regular, outside-the-sandbox actions. And of course it feels quite the same:

Image for post
Image for post

(although I had to install the Server edition — because I am running the Sandbox as Admin it seems)

Image for post
Image for post

And Install it:

Image for post
Image for post

I am not sure what I was expecting — and of course nothing special happened:

Image for post
Image for post

and

Image for post
Image for post

VS Code running in the Sandbox. No big deal. Nice thing: it did not interfere, potentially mess with my regular environment. Not that VS Code is such a big threat, but it is the principal that matters.

The file system looks squeaky clean — mine never does apart from the first few minutes after I have collected my new laptop.

Image for post
Image for post

Then for more kicks I installed Node:

Image for post
Image for post

To find out if I can run a Node application that handles HTTP requests and send HTTP requests from outside the Sandbox. Turns out (spoiler alert) that I can.

Image for post
Image for post

I also installed GitKraken to give it a try, cloned a GitHub repo with a Node application to handle HTTP requests, ran that application

Image for post
Image for post

Figured out the IP address for the Sandbox (just use IP Config; in blue is the Sandbox, in black the Windows host):

Image for post
Image for post

And accessed the Node application from a browser on the Windows host — so from outside the Windows Sandbox:

Image for post
Image for post

Close the Sandbox environment:

Image for post
Image for post

And press OK to be done with it.

Starting a new and fresh Sandbox takes just a few seconds.

Run a Sandbox with Host Folder Mapping and auto-installation of Software

Using a simple wsb file, taken from this article, I can configure a Sandbox — with a mapped folder from the Windows host and with a startup scripts to install Visual Studio Code.

The wsb file contains the following XML definition:

<Configuration> 
<MappedFolders>
<MappedFolder>
<HostFolder>C:\SandboxScripts</HostFolder>
<ReadOnly>true</ReadOnly>
</MappedFolder>
<MappedFolder>
<HostFolder>C:\CodingProjects</HostFolder>
<ReadOnly>false</ReadOnly>
</MappedFolder>
</MappedFolders>
<LogonCommand> <Command>C:\users\wdagutilityaccount\desktop\SandboxScripts\VSCodeInstall.cmd</Command>
</LogonCommand>
</Configuration>

This startup script lives in the directory c:\SandboxScripts on the Windows Host (that will be mapped to C:\users\wdagutilityaccount\desktop\SandboxScripts in the Sandbox):

REM Download VSCode 
curl -L "https://update.code.visualstudio.com/latest/win32-x64-user/stable" --output C:\users\WDAGUtilityAccount\Desktop\vscode.exe
REM Install and run VSCode
C:\users\WDAGUtilityAccount\Desktop\vscode.exe /verysilent /suppressmsgboxes

Starting the Sandbox by running the wsb script works well.

Image for post
Image for post

It takes about 5 seconds to start the Sandbox and one minute for the installation of VS Code to be complete. As an alternative, the installer could be available in the folder mapped to the Sandbox and executed from there. This brings down the time to get coding in VS Code to less than 10 seconds.

Image for post
Image for post

Resources

Configure Windows Sandbox options: Network, Shared Folders, Startup Scripts — https://4sysops.com/archives/configuring-windows-sandbox-network-mapped-folders-and-startup-scripts-using-a-free-gui-tool/

Disable Network traffic between Sandbox and Host: https://medium.com/@rootsecdev/windows-sandbox-9762291e1f54

Tips on using Windows Sandbox: https://www.digitaltrends.com/computing/how-to-use-windows-sandbox/

Utility to run EXE, PS1, MSI or ZIP file in Sandbox from context (right click) menu in File Explorer: http://www.systanddeploy.com/2019/06/run-file-in-windows-sandbox-from-right.html

Details on WSB file format — https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-sandbox/windows-sandbox-configure-using-wsb-file

More details and examples of preparing a WSB configuration file: https://www.tenforums.com/tutorials/143381-windows-sandbox-how-configure-windows-10-a.html

Originally published at https://technology.amis.nl on April 25, 2020.

Written by

Lucas Jellema is solution architect and CTO at AMIS, The Netherlands. He is Oracle ACE Director, Groundbreaker Ambassador, JavaOne Rockstar and programmer

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store