Posey's Tips & Tricks
Windows Sandbox: An Easy Alternative to Windows 10 VMs
Hyper-V virtual machines have their uses, but the sandbox feature in Windows 10 can work just as well, is easier to set up and takes up much less disk space.
Since I first adopted Windows 10, I have kept a Windows 10 virtual machine (VM) installed on my desktop. When I created this VM -- and as I rebuilt it following new Windows 10 releases -- I made a checkpoint of the VM while it was in a pristine condition. That way, I could use the VM to test various procedures and to install software that I wouldn't necessarily want on my primary desktop operating system. Whenever I'm finished with what I'm doing, I simply use the checkpoint to roll the VM back to a pristine state.
This technique works really well, but it is not the only way to create an isolated Windows 10 environment. Windows 10 Pro and Enterprise include a "sandbox" feature where you can run untrusted software and experiment with configuration changes without putting your machine's primary operating system at risk and without the hassle of setting up a VM.
Setting up the sandbox environment is an easy process. Begin the process by verifying that you are running Windows 10 build 18305 or newer and that your machine supports hardware virtualization. Next, open the Control Panel by entering the Control command at the Windows Run prompt. Once the Control Panel opens, click on Programs, followed by the Turn Windows Feature On or Off link. Finally, select the Windows Sandbox option from the list of features, as shown in Figure 1, and click OK.
Once Windows Sandbox is installed, you can launch it from the Start menu by clicking on the Windows Sandbox icon. Figure 2 shows what Windows Sandbox looks like.
As you can see in the figure, Windows Sandbox looks a lot like a Hyper-V VM. Even so, there are several key differences. For starters, you will notice that I did not access the Windows Sandbox through the Hyper-V Manager, nor did I access it through an RDP session.
Another key difference between a Hyper-V VM and the Windows Sandbox is that I did not have to complete any sort of setup process beyond the steps listed above. In other words, Microsoft has automatically deployed a pristine copy of Windows 10 without me having to install Windows. This copy of Windows automatically reverts back to a pristine state at the end of each sandbox session.
One more difference between a Hyper-V VM and the Windows Sandbox environment is that the sandbox loads far more quickly than Windows 10 running on a Hyper-V VM.
The reason why Windows Sandbox is so different from a Hyper-V VM is because it is based on Windows Containers. For those who do not have a background in containers, they have a lot of similarities to VMs but are much lighter. The reason containers can be so lightweight is because unlike a VM, containers do not have a dedicated operating system. Instead, the containers running on a system share a common base image (the operating system kernel). As such, containers generally only contain the files, registry settings and other elements that are required to make a particular containerized application run.
One of the problems Microsoft had to address when creating the Windows Sandbox was that although it uses the computer's primary desktop operating system as a base image, some of the Windows operating system's files can change over the normal course of using Windows. As such, Microsoft had to create the concept of a dynamic base image. This dynamic base image contains pristine copies of the files that can potentially be modified, but the other operating system files within the sandbox are actually just links back to the same system files that the parent operating system is using.
One of the benefits of this approach is that the sandbox environment doesn't take up much disk space. The entire sandbox operating system only takes up about 100MB of space, whereas a full-blown copy of Windows 10 normally consumes several GB of space.
While the sandbox's small size probably helps it boot so quickly, the main reason why the sandbox is able to load so fast is that the first time you boot the sandbox, Windows writes the sandbox's memory contents and CPU state to disk. The next time you use the sandbox (and on each subsequent use), Windows simply loads this previously saved state rather than booting the sandbox OS from scratch.
About the Author
Brien Posey is a 22-time Microsoft MVP with decades of IT experience. As a freelance writer, Posey has written thousands of articles and contributed to several dozen books on a wide variety of IT topics. Prior to going freelance, Posey was a CIO for a national chain of hospitals and health care facilities. He has also served as a network administrator for some of the country's largest insurance companies and for the Department of Defense at Fort Knox. In addition to his continued work in IT, Posey has spent the last several years actively training as a commercial scientist-astronaut candidate in preparation to fly on a mission to study polar mesospheric clouds from space. You can follow his spaceflight training on his Web site.