A recent Windows 10 Insider Feedback Hub quest revealed that Microsoft is developing a new throwaway sandboxed desktop feature called “InPrivate Desktop”. This feature will allow administrators to run untrusted executables in a secure sandbox without fear that they can make any changes to the operating system or the system’s files.
“InPrivate Desktop (Preview) provides admins a way to launch a throwaway sandbox for secure, one-time execution of untrusted software,” the Feedback Hub quest explains. “This is basically an in-box, speedy VM that is recycled when you close the app!”
This is the obvious way in which Microsoft could isolate any legacy Win32 applications in future non-Win32 versions of Windows.
Funny timing, too. LXC, which Docker is built on top of, had its first release on August 6, 2008, according to Wikipedia. Just over 10 years ago.
Edited 2018-08-10 01:10 UTC
This is just another step in the transition to merge UWP and Win32 worlds, as shown at some BUILD 2018 sessions.
On the upcoming Windows 10, Win32 apps delivered with the new MSIX package format get sandboxed just like UWP ones are.
https://blogs.msdn.microsoft.com/sgern/2018/06/18/a-closer-look-at-m…
Edited 2018-08-10 07:30 UTC
This seems to apply only to MSIX packaged Win32 applications.
How about the legacy Win32 applications one may already have and not repackaged because the vendor no longer commercially exists?
In that case you will need some extra “fun”, at least in the current state of affairs.
https://blogs.msdn.microsoft.com/appconsult/2018/07/22/using-the-pac…
https://blogs.msdn.microsoft.com/appconsult/2018/07/18/solving-commo…
https://blogs.msdn.microsoft.com/appconsult/2018/07/13/a-simpler-and…
I’ve been waiting a long time (decades) for MS’s equivalent of BSD’s Jails. It made no sense that applications couldn’t be run easily in some kind of isolation for easy resource management and monitoring, as well as security.
This seems like a step in the right direction for those who don’t want to be running Vagrant/VirtualBox/Hyper-V just to isolate some applications.