In this session, Mike Nelson discusses the Windows Sandbox and its various applications. He starts off by explaining that the Windows Sandbox is a virtual environment in Windows 10 that allows users to test and experiment without causing any damage. It can be instantly spun up as a new image. Mike mentions that Sandbox can sometimes break things, especially when working with VirtualBox or KVM, but that VirtualBox has addressed this issue in its latest release. He advises caution and the use of Sandbox on non-critical systems.
Mike goes on to explain that Sandboxes are lightweight virtual containers based on a small image called Madrid. These sandboxes can be easily shared on small USB sticks. He mentions that networking within Sandbox is host-based, except for Microsoft Edge, which uses the host file. If specific networking is needed, it's best to refer to the host rather than the Sandbox. He mentions that Sandbox was originally created for testing patches and protecting against malware and ransomware.
Next, Mike introduces Jeff, an expert in the front row, who shares his experience using Sandbox. Jeff explains that he uses sandboxing to test modules and other creations without affecting his main laptop or operating system. He mentions that the sandbox state has limited functionality, but it can be customized by adding elements to it. Jeff also talks about WDAG (Windows Defender Application Guard), a product that led to the creation of Sandbox. He highlights the components involved in sandboxing and how it interacts with the hypervisor and kernel. Jeff also mentions that the sandbox's security has been evaluated by Check Point Software. He shares that all the information discussed will be available in the PSConf 2023 GitHub repository.
Mike then discusses the key points of Sandboxing, including deploying a clean image to multiple users without the need for installing additional software like a virtual machine. He mentions an example of a company using sandboxes for e-learning purposes. He demonstrates the Windows Sandbox by launching an instance and highlights its quick startup time and limited application options. He explains that the sandbox can receive some information from the host but does not send much back for security reasons. The sandbox can be easily closed and resets to a brand new state upon reopening. Mike briefly touches on the container manager service and the base image used in the sandbox. He mentions that customization of the base layer may not be currently possible.
Mike and Jeff discuss various features and functionalities of Sandbox, including manipulating VHDX files, launching sandboxes from WSB files with specific configurations, mapping folders between the host and sandbox, using CMD files to launch commands, disabling vGPU, and the availability of PowerShell modules related to sandboxing.
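The WSB options mentioned above (mapped folders, a logon command, vGPU disabled) combine into a single configuration file. The following PowerShell is an added example, not code from the session or from Jeff's repository; the function name `New-SandboxConfig`, the folder paths and the script name are hypothetical placeholders.

```powershell
# Added example: generate a .wsb file that maps one host folder read-only,
# disables vGPU, and runs a command at logon. Names and paths are placeholders.
function New-SandboxConfig {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string]$HostFolder,
        [string]$SandboxFolder = 'C:\Share',
        [string]$LogonCommand,
        [string]$Path = (Join-Path $env:TEMP 'review.wsb'),
        [switch]$AllowWrite   # default is read-only so the sandbox cannot alter host files
    )
    if (-not (Test-Path -LiteralPath $HostFolder -PathType Container)) {
        throw "Host folder not found: $HostFolder"
    }
    $xml = [xml]'<Configuration/>'
    # Helper: append <name>text</name> under a parent element and return the new node
    $add = {
        param($parent, $name, $text)
        $node = $xml.CreateElement($name)
        if ($null -ne $text) { $node.InnerText = $text }
        [void]$parent.AppendChild($node)
        $node
    }
    $root = $xml.DocumentElement
    [void](& $add $root 'VGpu' 'Disable')          # software rendering only
    $folders = & $add $root 'MappedFolders' $null
    $folder  = & $add $folders 'MappedFolder' $null
    [void](& $add $folder 'HostFolder' (Resolve-Path -LiteralPath $HostFolder).Path)
    [void](& $add $folder 'SandboxFolder' $SandboxFolder)
    $readOnly = if ($AllowWrite) { 'false' } else { 'true' }
    [void](& $add $folder 'ReadOnly' $readOnly)
    if ($LogonCommand) {
        $logon = & $add $root 'LogonCommand' $null
        [void](& $add $logon 'Command' $LogonCommand)
    }
    $xml.Save($Path)
    Get-Item -LiteralPath $Path
}

# Constructed usage: C:\Lab\Scripts and setup.cmd are assumed to exist on the host.
# $wsb = New-SandboxConfig -HostFolder 'C:\Lab\Scripts' -LogonCommand 'C:\Share\setup.cmd'
# Start-Process -FilePath $wsb.FullName   # opens the sandbox with this configuration
```

Keeping the mapped folder read-only by default means anything run inside the sandbox cannot write back to the host through the share; pass `-AllowWrite` only for folders you are prepared to have modified.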
They also mention Jeff's GitHub repository, where he provides sandbox configurations and scripts for customization. They discuss the metadata feature implemented by Jeff, which allows users to give meaningful names and descriptions to their sandboxes. They mention the hcs-diag utility for container management and provide insights into container identification and automation.
Mike concludes the episode by mentioning Power Automate and how flow understands sandboxes using their GUIDs. He mentions HSN and HNS diag utilities for networking used in other containers. He showcases the newly introduced persistence feature in Windows 11 build 22H2, where sandbox files and application states persist after a restart. He mentions that this is a big deal for applications that require reboots. Finally, Mike opens the floor for questions and mentions that all the code and information discussed will be available in the repository.