A recent Windows 10 Insider Feedback Hub quest revealed that Microsoft is developing a new throwaway sandboxed desktop feature called "InPrivate Desktop". This feature will allow administrators to run untrusted executables in a secure sandbox without fear that it can make any changes to the operating system or system's files.
"InPrivate Desktop (Preview) provides admins a way to launch a throwaway sandbox for secure, one-time execution of untrusted software," the Feedback Hub questions explains. "This is basically an in-box, speedy VM that is recycled when you close the app!"
This quest is no longer available in the Feedback Hub, but according to it's description, this feature is being targeted at Windows 10 Enterprise and requires at least 4 GB of RAM, 5 GB of free disk space, 2 CPU cores, and CPU virtualization enabled in the BIOS. It does not indicate if Hyper-V needs to be installed or not, but as the app requires admin privileges to install some features, it could be that Hyper-V will be enabled.
The full description for the InPrivate Desktop (Preview) quest can be seen below.
Microsoft is Developing a Sandboxed "InPrivate Deskop" for Windows 10 Enterprise
InPrivate Desktop (Preview) provides admins a way to launch a throwaway sandbox for secure, one-time execution of untrusted software. This is basically an in-box, speedy VM that is recycled when you close the app!
Prerequisites:
* Windows 10 Enterprise
* Builds 17718+
* Branch: Any
* Hypervisor capabilities enabled in BIOS
* At least 4GB of RAM
* At least 5GB free disk space
* At least 2 CPU cores
Installation Steps:
1. Open Microsoft Store app and go to the Microsoft tab at the top.
2. Search for InPrivate Desktop (Preview) app and install it.
3. First launch of the app requires admin privileges to install some features. This will prompt for a reboot.
4. After reboot, launch InPrivate desktop normally, and start playing!
Trying out InPrivate Desktop:
Ctrl+C, Ctrl+V stuff into the app!
Run you untrusted exes in the app!
Note: This is a new, in-development app. Learn more about the current limitations on our wiki: https://osgwiki.com/wiki/Madrid_Self-host
Let us know what you think of the feature and what you’d like to do with it by filing feedback at http://aka.ms/InPrivateDesktop-fb.
Quest was live, but app was not available
When the quest was live, I had attempted to install the InPrivate Desktop (Preview) app, but it was not accessible from the Microsoft Store as described. Furthermore, a wiki link in the quest description brought me to a page asking me to login to my Microsoft account. When I logged in with my account, I received a message that indicates that I need to be part of the Azure Active Directory (Azure AD) tenant for "Microsoft".
It is too bad that I was unable to test this feature as it looks to be an interesting way to execute untrusted software without fear of permanent file modification, program installation, or configuration changes. This will also provide a new security boundary that Microsoft will need to protect and that researchers will be hammering for bug bounties.
Comments
backfolder - 5 years ago
Aleluya!
bobsage - 5 years ago
Awesome except for the whole enterprise only thing. This needs to come to Pro.
Lawrence Abrams - 5 years ago
100% agree. Great feature if and when it makes it to Windows.
Bullwinkle-J-Moose - 5 years ago
I already have this for Windows 8.1 Home/Pro and Enterprise as well as Windows 10
Shadow Mode for Windows 10 also works with Windows 8.1 and probably Win 7 as well but read the docs as Fast Boot must be disabled before it will work correctly
Windows is now READ ONLY and new malware is easily eliminated with a simple reboot
For Microsoft malware and the MS popups and warnings, I fixed those with "Blackbird Windows 8.1 & 10 Privacy Tools" and stopped ALL updates with "StopUpdates10"
No more Telemetry / No more malware / No more Updates!
FINALLY, Windows just does what "I want it to do" (Not Microsoft)
I have had ZERO problems with this setup and you can easily disable ShadowMode to permanently install whatever you want
You're Welcome!
Bullwinkle-J-Moose - 5 years ago
If you want to try ShadowMode, Google "Shadow Defender"
It WORKS!