K
Kate Li
Guest
Recently, the most popular word about Windows 10 should be Sandbox. As a TechNet forum user, you should know what Sandbox is or what it can bring us. In today’s article, we will give a clear and detailed introduction of this new feature. Let’s get started.
The first question: what is Windows Sandbox?
Windows sandbox is an isolated, temporary, desktop environment, where you can run untrusted software without the fear of lasting impact on your PC.
In other words, any software installed in Windows Sandbox stays only in the sandbox and cannot affect the host. Once we close Sandbox, all the software with all its files and state will be permanently deleted.
Ok, sounds good, then
The second question: how can we enable/start sandbox? Do we need to download and install it particularly?
No, don’t need to do any complex operation!
Windows Sandbox is a part of Windows, everything required for this feature ships with Windows 10 Pro and Enterprise. No need to download a VHD or a package! Windows dynamically generates a clean snapshot OS based on the Host OS on your machine.
Meanwhile, every time Windows Sandbox runs, it’s as clean as a brand-new installation of Windows.
Prerequisites for Sandbox:
Windows 10 Pro or Enterprise Insider build 18305(19h1) or later
AMD64 architecture
Virtualization capabilities enabled in BIOS
At least 4GB of RAM (8GB recommended)
At least 1 GB of free disk space (SSD recommended)
At least 2 CPU cores (4 cores with hyperthreading recommended)
Important:
Cannot upgrade to 18305 version? Please check our previous content [New Feature] Light theme is coming in new version of Windows 10 19H1 released, which tell us how to become an insider and upgrade current system to Previewer version.
Make sure that your BIOS has virtualization capabilities enabled.
Enable virtualization:
If you are using a physical machine, ensure virtualization capabilities are enabled in the BIOS.
If you are using a virtual machine, enable nested virtualization with this PowerShell cmdlet:
Set-VMProcessor -VMName <VMName> -ExposeVirtualizationExtensions $true
Enable Sandbox
Once we meet above prerequisites, we can go to Windows features to enable Windows Sandbox directly.
Once the Windows Sandbox is installed, you can launch it the same process as any other app or program. Just run it in the Start menu and accept the UAC prompt giving it administrative privileges. You’ll then be able to drag and drop files and programs into the Sandbox to test as you need.
<o
></o>
Addition information:
Technical backstopping:
Windows Sandbox builds on the technologies used within Windows Containers. Windows containers were designed to run in the cloud. Microsoft took that technology, added integration with Windows 10, and built features that make it more suitable to run on devices and laptops without requiring the full power of Windows Server.
Technical Core:
Windows Sandbox is a lightweight virtual machine, so it needs an operating system image to boot from. The ability to use a copy of the Windows 10 installed on user’s computer, instead of downloading a new VHD image is the key point.
Development team’s solution is to construct “dynamic base image”: an operating system image that has clean copies of files that can change, but links to files that cannot change that are in the Windows image that already exists on the host. The majority of the files are links (immutable files) and that's why the small size (~100MB) for a full operating system. We call this instance the “base image” for Windows Sandbox, using Windows Container parlance.
When Windows Sandbox is not installed, we keep the dynamic base image in a compressed package which is only 25MB. When installed the dynamic base package it occupies about 100MB disk space.
Performance enhancement:<o></o>
After kernel technology introduction, let’s look at the theory that why Sandbox has a smooth user experience?<o></o>
Hardware accelerated rendering, which is the key point, especially for graphics-intense or media-heavy use cases. However, virtual machines are isolated from their hosts and unable to access advanced devices like GPUs. The role of graphics virtualization technologies, therefore, is to bridge this gap and provide hardware acceleration in virtualized environments; e.g. Microsoft RemoteFX.<o></o>
More recently, Microsoft has worked with our graphics ecosystem partners to integrate modern graphics virtualization capabilities directly into DirectX and WDDM, the driver model used by display drivers on Windows.<o></o>
At a high level, this form of graphics virtualization works as follows:<o></o>
Apps running in a Hyper-V VM use graphics APIs as normal.<o></o>
Graphics components in the VM, which have been enlightened to support virtualization, coordinate across the VM boundary with the host to execute graphics workloads.<o></o>
The host allocates and schedules graphics resources among apps in the VM alongside the apps running natively. Conceptually they behave as one pool of graphics clients.<o></o>
This process is illustrated below:<o></o>
This enables the Windows Sandbox VM to benefit from hardware accelerated rendering, with Windows dynamically allocating graphics resources where they are needed across the host and guest. The result is improved performance and responsiveness for apps running in Windows Sandbox, as well as improved battery life for graphics-heavy use cases.
To take advantage of these benefits, you’ll need a system with a compatible GPU and graphics drivers (WDDM 2.5 or newer). Incompatible systems will render apps in Windows Sandbox with Microsoft’s CPU-based rendering technology.
Feedback
You can use the traditional Feedback Hub if you have any issues or suggestions.
That’s all, thanks for watching, look forward to meeting you again in the future!<o></o>
Please remember to mark the replies as answers if they help.
If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.
More...
The first question: what is Windows Sandbox?
Windows sandbox is an isolated, temporary, desktop environment, where you can run untrusted software without the fear of lasting impact on your PC.
In other words, any software installed in Windows Sandbox stays only in the sandbox and cannot affect the host. Once we close Sandbox, all the software with all its files and state will be permanently deleted.
Ok, sounds good, then
The second question: how can we enable/start sandbox? Do we need to download and install it particularly?
No, don’t need to do any complex operation!
Windows Sandbox is a part of Windows, everything required for this feature ships with Windows 10 Pro and Enterprise. No need to download a VHD or a package! Windows dynamically generates a clean snapshot OS based on the Host OS on your machine.
Meanwhile, every time Windows Sandbox runs, it’s as clean as a brand-new installation of Windows.
Prerequisites for Sandbox:
Windows 10 Pro or Enterprise Insider build 18305(19h1) or later
AMD64 architecture
Virtualization capabilities enabled in BIOS
At least 4GB of RAM (8GB recommended)
At least 1 GB of free disk space (SSD recommended)
At least 2 CPU cores (4 cores with hyperthreading recommended)
Important:
Cannot upgrade to 18305 version? Please check our previous content [New Feature] Light theme is coming in new version of Windows 10 19H1 released, which tell us how to become an insider and upgrade current system to Previewer version.
Make sure that your BIOS has virtualization capabilities enabled.
Enable virtualization:
If you are using a physical machine, ensure virtualization capabilities are enabled in the BIOS.
If you are using a virtual machine, enable nested virtualization with this PowerShell cmdlet:
Set-VMProcessor -VMName <VMName> -ExposeVirtualizationExtensions $true
Enable Sandbox
Once we meet above prerequisites, we can go to Windows features to enable Windows Sandbox directly.
Once the Windows Sandbox is installed, you can launch it the same process as any other app or program. Just run it in the Start menu and accept the UAC prompt giving it administrative privileges. You’ll then be able to drag and drop files and programs into the Sandbox to test as you need.
<o></o>Addition information:
Technical backstopping:
Windows Sandbox builds on the technologies used within Windows Containers. Windows containers were designed to run in the cloud. Microsoft took that technology, added integration with Windows 10, and built features that make it more suitable to run on devices and laptops without requiring the full power of Windows Server.
Technical Core:
Windows Sandbox is a lightweight virtual machine, so it needs an operating system image to boot from. The ability to use a copy of the Windows 10 installed on user’s computer, instead of downloading a new VHD image is the key point.
Development team’s solution is to construct “dynamic base image”: an operating system image that has clean copies of files that can change, but links to files that cannot change that are in the Windows image that already exists on the host. The majority of the files are links (immutable files) and that's why the small size (~100MB) for a full operating system. We call this instance the “base image” for Windows Sandbox, using Windows Container parlance.
When Windows Sandbox is not installed, we keep the dynamic base image in a compressed package which is only 25MB. When installed the dynamic base package it occupies about 100MB disk space.
Performance enhancement:<o
></o>After kernel technology introduction, let’s look at the theory that why Sandbox has a smooth user experience?<o
></o>Hardware accelerated rendering, which is the key point, especially for graphics-intense or media-heavy use cases. However, virtual machines are isolated from their hosts and unable to access advanced devices like GPUs. The role of graphics virtualization technologies, therefore, is to bridge this gap and provide hardware acceleration in virtualized environments; e.g. Microsoft RemoteFX.<o
></o>More recently, Microsoft has worked with our graphics ecosystem partners to integrate modern graphics virtualization capabilities directly into DirectX and WDDM, the driver model used by display drivers on Windows.<o
></o>At a high level, this form of graphics virtualization works as follows:<o
></o>Apps running in a Hyper-V VM use graphics APIs as normal.<o
></o>Graphics components in the VM, which have been enlightened to support virtualization, coordinate across the VM boundary with the host to execute graphics workloads.<o
></o>The host allocates and schedules graphics resources among apps in the VM alongside the apps running natively. Conceptually they behave as one pool of graphics clients.<o
></o>This process is illustrated below:<o
></o>This enables the Windows Sandbox VM to benefit from hardware accelerated rendering, with Windows dynamically allocating graphics resources where they are needed across the host and guest. The result is improved performance and responsiveness for apps running in Windows Sandbox, as well as improved battery life for graphics-heavy use cases.
To take advantage of these benefits, you’ll need a system with a compatible GPU and graphics drivers (WDDM 2.5 or newer). Incompatible systems will render apps in Windows Sandbox with Microsoft’s CPU-based rendering technology.
Feedback
You can use the traditional Feedback Hub if you have any issues or suggestions.
That’s all, thanks for watching, look forward to meeting you again in the future!<o
></o>Please remember to mark the replies as answers if they help.
If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.
More...