Windows-Sandbox icon indicating copy to clipboard operation
Windows-Sandbox copied to clipboard
verified publisher icon microsoft

[Bug]: Windows is not activated inside the sandbox.

Open RokeJulianLockhart opened this issue 2 months ago • 4 comments

Windows Sandbox version

  1. #!/usr/bin/env pwsh
Get-AppxPackage MicrosoftWindows.WindowsSandbox

  2. Architecture : X64
Version      : 0.5.3.0

Windows build number

If you refer to the Sandbox: ^1

  1. Get-ComputerInfo | Select-Object -Property 'OsBuildNumber' | Format-List

  2. OSBuildNumber : 27975

Other software

Inside the sandbox:

  1. Get-AppXPackage windows.immersivecontrolpanel

  2. Version : 10.0.8.1000

Steps to reproduce the bug

  1. On the host:

    #!/usr/bin/env pwsh
WindowsSandbox

  2. Inside the sandbox:

    Start-Process 'ms-settings:activation'

Expected result

The sandbox should be activated, because the host is:

Image

Actual result

The sandbox is not activated:

Image

reddit.com/r/WindowsHelp/comments/1bzwj2g corroborates that this situation is not unique to my installation.

Included System Information

If you refer to the host: ^1 ^2

  1. #!/usr/bin/env pwsh
Get-ComputerInfo | Select-Object -Property @('OsName', 'OsBuildNumber') | Format-List

  2. OsName        : Microsoft Windows 11 Enterprise N
OsBuildNumber : 27975

RokeJulianLockhart avatar Oct 25 '25 11:10 RokeJulianLockhart

If the Sandbox was activated, either one of the following options would have to apply

  1. A generic key (and activation process) is used
  2. The host PC's key and activation data would be used

With the first option, it would be abused by people and used in a non-sandbox environment, so it's unlikely to ever be supported by Microsoft.

With the second option (which I believe you are suggesting), the sandbox wouldn't be an anonymous playground; It would be using the host's keys. Sandboxes are designed to be isolated from the host, and this would be a rather risky move should untrusted code be ran inside the sandbox (one of the reasons for a sandbox).

This is expected behaviour in any sandbox environment. It's designed to be a temporary Virtual Machine.

realJoshByrnes avatar Nov 12 '25 19:11 realJoshByrnes

@realJoshByrnes, it's not particularly useful if such a glaring difference between a real environment and the Sandbox exists. Very, very few people run Windows without activation, because most purchase Windows when they purchase their pre-built hardware. Regardless:

With the first option, it would be abused by people and used in a non-sandbox environment, so it's unlikely to ever be supported by Microsoft.

Faking a keyserver is already trivial. I can activate the Sandbox within PT5M. However, when I'm frequently creating new sandboxes, this becomes painful.

RokeJulianLockhart avatar Nov 12 '25 19:11 RokeJulianLockhart

I find it quite useful. I use it to run untrusted code, check apps or DLLs I write work out of the box, etc.

Maybe it's not the best fit for your use case; It sounds like you may be better off with a clonable (activated) VM.

realJoshByrnes avatar Nov 12 '25 19:11 realJoshByrnes

Maybe it's not the best fit for your use case; It sounds like you may be better off with a clonable (activated) VM.

@realJoshByrnes, I'm already running Windows under libvirt. Therefore, the lighter the nested hypervisor, the better. Sandbox appears to fit that niche quite well, since I solely utilise it to test whether software installs cleanly.

RokeJulianLockhart avatar Nov 12 '25 21:11 RokeJulianLockhart