Windows Sandbox

Windows Sandbox runs on top of Hyper-V.
Whenever Windows Sandbox is started, it does so in a clean state. This also means that it is impossible to install software that requires a reboot.
That said, the documentation states that as of Windows 11, version 22H2, the data persists through a restart initiated from inside the virtualized environment.

Enabling Windows Sandbox

PowerShell

With elevated privileges: Check if Windows Sandbox is already enabled (note that the feature name is Containers-DisposableClientVM):
PS:> get-windowsOptionalFeature -online | where-object {$_.featureName -eq 'Containers-DisposableClientVM' }

FeatureName : Containers-DisposableClientVM
State       : Disabled
Enabling the feature requires rebooting the machine:
PS:> enable-windowsOptionalFeature -online -featureName 'Containers-DisposableClientVM' -all

Do you want to restart the computer to complete this operation now?
[Y] Yes  [N] No  [?] Help (default is "Y"):

After reboot

After rebooting, I found that the directory C:\ProgramData\Microsoft\Windows\Containers was modified.

Starting a sandbox

PowerShell:
PS:\> WindowsSandbox.exe

Unable to reach Microsoft Store

After enabling and starting Windows Sandbox on a Windows 11 machine, I got the error message: Unable to reach Microsoft Store. Continuing with Classic Windows Sandbox. (Error 0x80072ee7).

Exploring the new environment

User accounts

Starting a PowerShell session reveals that the (default?) user is WDAGUtilityAccount:
PS C:\Users\WDAGUtilityAccount> function prompt {'PS> '}
WDAG likely stands for Windows Defender Application Guard (compare with WDAC, which stands for Windows Defender Application Control).
Apart from Public and WDAGUtilityAccount, there are also the users ContainerAdministrator and ContainerUser:
PS> ls C:\Users\ | select name

Name
----
ContainerAdministrator
ContainerUser
Public
WDAGUtilityAccount
Who am I, anyway:
PS> whoami
a8dc5139-5e6d-4\wdagutilityaccount
The first part of the output of whoami is related to the hostname:
PS> hostname
a8dc5139-5e6d-4ee6-b955-d7e400d2f447
Note that the value a8dc5139-5e6d-4ee6-b955-d7e400d2f447 seems to stay the same across multiple Sandbox sessions.

Downloading files

Trying to download a file with invoke-webRequest results in the (error?) message The response content cannot be parsed because the Internet Explorer engine is not available, or Internet Explorer's first-launch configuration is not complete. Specify the UseBasicParsing parameter and try again.
Therefore, files need to be downloaded with the -useBasicParsing option (if using invoke-webRequest, that is).

No Notepad

There is no notepad.exe, at least not under c:\Windows, C:\Windows\System32 or C:\Users\WDAGUtilityAccount\AppData\Local\Microsoft\WindowsApps.
It is possible to run notepad by copying C:\Windows\System32\notepad.exe and C:\Windows\System32\en-US\notepad.exe.mui (assuming an installation where the language is en-US) from the host to the same directories on the guest (the notepad.exe.mui file must go into a language subdirectory of the directory into which notepad.exe is copied).

Other missing objects under C:\Windows\System32

On the host, I find more files/directories under C:\Windows\System32
PS: 3 C:/Users/rene> (ls c:\windows\System32 | measure).count
4769
‥ than in the Sandbox:
PS C:\Users\WDAGUtilityAccount> (ls c:\windows\System32 | measure).count
4539

Only one running Sandbox instance allowed

Trying to start a second Sandbox instance while another is already running results in the message Only one running instance of Windows Sandbox is allowed.

Persisting modifications

Starting with Windows 11, version 22H2, modifications made in the Sandbox are persisted across reboots if a reboot is initiated from within the sandbox, for example with
shutdown -r -t 0
On the other hand, if I simply shut down the Sandbox with the following command, all modifications will be lost:
shutdown -s -t 0

Virtual disks etc

After starting Windows Sandbox, I found a newly created directory under C:\ProgramData\Microsoft\Windows\Containers\ContainerStorages whose name was a GUID.
This directory contained a file named sandbox.vhdx, a file named sandbox.vmgs (which seems to be a virtual machine guest state file) and Bindings\config.json which references C:\Windows\System32\Catroot\{01234567-89ab-cdef-0123-4567890abcdef} (that last part of the directory being another GUID in curly braces).

Directories

When starting a sandbox, I find the directories C:\EFI and C:\sources:
PS C:\Users\WDAGUtilityAccount> ls C:\EFI\


    Directory: C:\EFI


Mode                 LastWriteTime         Length Name
----                 -------------         ------ ----
d-----        24.07.2025     16:35                Boot
d-----        24.07.2025     16:35                Microsoft

PS C:\Users\WDAGUtilityAccount> ls C:\sources\


    Directory: C:\sources


Mode                 LastWriteTime         Length Name
----                 -------------         ------ ----
d-----        24.07.2025     16:29                en-US
d-----        24.07.2025     16:29                etwproviders
d-----        24.07.2025     16:29                servicing

Slow installations

When I tried to install Python in a sandbox, I found the installation process to be slow.
This thread suggested first executing the following in PowerShell:
set-itemProperty -path HKLM:\SYSTEM\CurrentControlSet\Control\CI\Policy -name VerifiedAndReputablePolicyState -value "0"
CiTool.exe -r

Newer Version with Windows 11, 24H2 and KB10D

With Windows 11, 24H2 and KB10D, a newer version of Windows Sandbox is available which features new command line functionality.
In order to check if KB10D is installed, the following command can be used:
get-hotfix -id KB10D

Install WinGet

Windows Sandbox does not include winget.exe.
The following PowerShell commands can be used to install WinGet on Windows Sandbox:
$progressPreference = 'silentlyContinue'

install-packageProvider -name NuGet -force | out-null
install-module -name microsoft.winGet.client -force -repository PSGallery | out-null

# Use repair-winGetPackageManager to bootstrap WinGet...
repair-winGetPackageManager -allUsers

.wsb files

Starting a visible PowerShell console

Simply putting powershell into <LogonCommand><Command>‥</Command></LogonCommand> does not start a visible PowerShell console.
In order to create a usable PowerShell console, the process must be started indirectly:
<Configuration>
  <LogonCommand>
     <Command>cmd /c "start powershell"</Command>
  </LogonCommand>
</Configuration>

Mapped folders

Host directories can be mapped to directories on the Sandbox:
<MappedFolders>
   <MappedFolder> <HostFolder>C:\Users\rene\xyz</HostFolder> <SandboxFolder>C:\host</SandboxFolder>      <ReadOnly>true</ReadOnly> </MappedFolder>
   <MappedFolder> <HostFolder>D:\Software</HostFolder>       <SandboxFolder>C:\software</SandboxFolder>  <ReadOnly>true</ReadOnly> </MappedFolder>
</MappedFolders>
It's possible to specify the host directory with a relative path. This path is interpreted in relation to the .wsb file:
<MappedFolders>
   <MappedFolder> <HostFolder>.</HostFolder> <SandboxFolder>C:\curDir</SandboxFolder> </MappedFolder>
</MappedFolders>
A host like \\serverxyz that was mapped to the O:\ drive could only be mapped with <MappedFolder> <HostFolder>\\serverxyz\‥</HostFolder>, not with <HostFolder>O:\‥</HostFolder>.

Specifying the path of the mapped folder with a variable

.wsb file

Note the variable %host_folder_dir% in the following .wsb file:
<Configuration>

  <LogonCommand>
     <Command>cmd /c "start powershell -noexit -c ls c:\host"</Command>
  </LogonCommand>

  <MappedFolders>
     <MappedFolder>
         <HostFolder>%host_folder_dir%</HostFolder>
         <SandboxFolder>C:\host</SandboxFolder>
         <ReadOnly>true</ReadOnly>
     </MappedFolder>
  </MappedFolders>

</Configuration>
Using this .wsb file from PowerShell:
PS C:\Users\rene> $env:host_folder_dir=$pwd
PS C:\Users\rene> WindowsSandbox mapped-folder.wsb
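
The following is an added example, not part of the original notes: a PowerShell function that audits the MappedFolder entries of a .wsb file before it is launched, covering the points noted above (environment variables in HostFolder, paths relative to the .wsb file, mapped network drive letters that need their UNC path, and folders the sandbox can write to). The function name Get-WsbMappedFolderReport and the sample file are made up for this example.

```powershell
function Get-WsbMappedFolderReport {
    param([Parameter(Mandatory)][string]$Path)
    $wsbFile = (Resolve-Path -LiteralPath $Path).ProviderPath
    $wsbDir  = Split-Path -Parent $wsbFile
    [xml]$doc = Get-Content -LiteralPath $wsbFile -Raw
    foreach ($mf in $doc.Configuration.MappedFolders.MappedFolder) {
        $raw      = "$($mf.HostFolder)".Trim()
        $expanded = [Environment]::ExpandEnvironmentVariables($raw)
        $findings = @()
        if ($expanded -match '%[^%\\]+%') {
            $findings += 'environment variable is not set in this session'
        }
        elseif (-not [IO.Path]::IsPathRooted($expanded)) {
            # Relative host paths are interpreted in relation to the .wsb file
            $expanded = [IO.Path]::GetFullPath((Join-Path $wsbDir $expanded))
        }
        elseif ($expanded -match '^([A-Za-z]):') {
            # A drive letter that is a mapped share has to be written as its UNC path
            $drive = Get-PSDrive -Name $Matches[1] -PSProvider FileSystem -ErrorAction SilentlyContinue
            if ($drive -and $drive.DisplayRoot -like '\\*') {
                $findings += "mapped network drive, use $($drive.DisplayRoot) instead"
            }
        }
        # <ReadOnly> defaults to false when the element is missing
        if ("$($mf.ReadOnly)".Trim() -ne 'true') {
            $findings += 'sandbox can write to this host folder'
        }
        [pscustomobject]@{
            HostFolder    = $raw
            ResolvedPath  = $expanded
            SandboxFolder = "$($mf.SandboxFolder)".Trim()
            Findings      = $findings -join '; '
        }
    }
}

# Constructed sample .wsb file (not taken from a real configuration)
$sample = Join-Path $env:TEMP 'audit-sample.wsb'
@'
<Configuration>
  <MappedFolders>
    <MappedFolder> <HostFolder>%host_folder_dir%</HostFolder> <SandboxFolder>C:\host</SandboxFolder> <ReadOnly>true</ReadOnly> </MappedFolder>
    <MappedFolder> <HostFolder>.</HostFolder> <SandboxFolder>C:\curDir</SandboxFolder> </MappedFolder>
  </MappedFolders>
</Configuration>
'@ | Set-Content -LiteralPath $sample
Get-WsbMappedFolderReport -Path $sample | Format-List
```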

See also

Windows Sandbox consists of the two services CmService.dll and vmcompute.exe and the worker process vmwp.exe.
But see also WindowsSandbox.exe
Windows: Virtualization
Sandboxie
pywinsandbox is a Python library which can create sandboxes

Links

There is a GitHub repository for Windows Sandbox.
