Windows Sandbox is a lightweight, isolated environment that allows users to run applications in a secure and temporary desktop environment. It is particularly useful for testing applications or PowerShell scripts before deploying them in a production environment. Here are some key benefits and a guide of using Windows Sandbox for testing application installs.
Table of Contents
Overview
Windows Sandbox offers a temporary and isolated environment. When you close it, all software, files, and the sandbox state are deleted, providing a fresh instance each time you open the application. However, with Windows 11, version 22H2, your data can now persist through a restart initiated from within the virtualized environment—an essential feature for applications requiring a system reboot during installation.
Pre-Requisites
- Windows 10/11 Education/Pro/Enterprise (Home Editions are not supported)
- ARM64 (for Windows 11, version 22H2 and later) or AMD64 architecture
- Virtualization capabilities enabled in BIOS
- At least 4 GB of RAM (8 GB recommended)
- At least 1 GB of free disk space (SSD recommended)
- At least two CPU cores (four cores with hyper-threading recommended)
Benefits
- Isolation from the Host System
- Safe Testing Environment: Windows Sandbox creates a separate instance of Windows that is isolated from the host operating system. This means that any changes made during testing (such as application installations) do not affect the host system, reducing the risk of introducing malware or unwanted changes.
- Easy Setup and Use
- Windows Sandbox can be launched quickly and easily from the Start menu. It does not require complex configuration, making it accessible for users who may not have extensive technical expertise.
- Testing Application Behavior
- Observe Installation Processes: You can monitor how an application installs, including any prompts, dependencies, or configuration settings that may be required. This is particularly useful for understanding how the application interacts with the operating system.
- Check Compatibility: Testing applications in Windows Sandbox allows you to verify compatibility with the Windows environment and identify any potential issues before packaging the application.
- Revert to a Clean State
- Temporary Environment: Each time you start Windows Sandbox, it runs a fresh instance of Windows. Once you close the Sandbox, all changes made during the session are discarded. This allows for repeated testing without the need to manually reset the environment.
- No Residual Files: Since the Sandbox is ephemeral, there are no leftover files or registry changes that could affect future tests or the host system.
- Security Testing
- Malware and Security Risks: If you are testing applications that may pose security risks (e.g., beta software or applications from untrusted sources), Windows Sandbox provides a safe environment to evaluate their behavior without compromising the host system.
- Network Isolation: Windows Sandbox can be configured to limit network access, allowing you to test applications that require internet connectivity while still maintaining a level of security.
- Streamlined Application Packaging
- Gathering Installation Information: While testing applications, you can take notes on installation parameters, required files, and configurations needed for successful deployment in Intune. This information is invaluable when creating application packages.
- Test Deployment Scripts: If you are using scripts for installation or configuration, you can test these scripts in the Sandbox to ensure they work as intended before deploying them.
- User Experience Testing
- Testing Different Scenarios: You can simulate various user scenarios and configurations to see how the application behaves under different conditions.
How to Enable Windows Sandbox?
Enabling via Program/Features
- Open Control Panel and go to Programs > Programs and Features (Category) or Programs and Features (Large Icons).
- Click Turn Windows features on or off.
- Select the checkbox for Windows Sandbox and click OK.
- Restart your device to complete the installation.
PowerShell
You can use the following PowerShell command to install. Run PowerShell as Administrator and run the command and click Y to restart the computer to complete the installation.
Enable-WindowsOptionalFeature -FeatureName "Containers-DisposableClientVM" -All -Online
Using Windows Sandbox
- Search for Windows Sandbox and launch the application.
- The first time launching the application, it will download and install updates.
- The Windows Sandbox will look like the Windows desktop. From here you can use it as you normally would with a Windows device. To copy folders or files, just copy and paste it into the screen.
- In this example, I copied the Google Chrome .msi file onto the desktop and tested its installation using the command line via Command Prompt as an Administrator. Command line testing can be performed before deploying applications through platforms like Microsoft Intune, Configuration Manager, or PDQ. Additionally, you can run PowerShell scripts in the Windows Sandbox environment for secure and isolated testing.
Conclusion: Your Go-To for Application and Script Testing
Windows Sandbox is an invaluable tool for testing applications and scripts, especially if you don’t have a test VM or device readily available. Using Windows Sandbox is safer and more reliable than testing directly on your production device, as it provides an isolated environment that prevents potential disruptions. Moreover, it ensures that any changes or installations are contained and don’t impact your main system. This feature is particularly useful for IT professionals and developers looking to validate software before wider deployment.
References
Microsoft: Windows Sandbox | Microsoft Learn