WIP Setup Windows Sandbox

[vbjay]

Proposed changes

Windows Sandbox: https://learn.microsoft.com/en-us/windows/security/application-security/application-isolation/windows-sandbox/windows-sandbox-overview

• Adds ability to setup and use Windows Sandbox to use current build output in a Windows Sandbox.
• On sandbox
  • Installs latest git, desktop-runtime, p4merge and other chocolatey packages and configures git with a known config that is configurable in script
  • Starts GE and allows user to perform whatever testing they want to perform
  • After user closes Git Extensions, config is gathered and a bundle of the current repo is created in TestResults folder to allow the cloning of that repo
  • add to script a way to auto launch PSR to record what the user did in Git Extensions into TestResults folder

See sample output from
TestResults.zip

Test methodology

• Ran script to verify sandbox was setup and usable.

Test environment(s)

• GIT
• Windows 10.0.22621.1848]

Merge strategy

Merge commit. (PR submitter to rebase and squash before merges).

---

✒️ I contribute this code under The Developer Certificate of Origin.

[vbjay]

@mstv @RussKie @gerhardol Please take for a spin. I am going to add a readme describing this in more detail to the pr but the idea is to be able to do clean machine testing in windows sandbox. It will configure the sandbox based on the setup and setup-repo scripts. This allows a developer to modify initial state as desired for the tests. They can modify the scripts to have whatever initial repo state.

Key points:

• Uses PSR to record user's actions. The generated MHT opens in edge and you must have internet explorer mode turned on to see screenshots)
• Generates a git bundle that can be used to clone the repo
• Generates a GitConfig.patch file that shows the changes in git config from initial setup to when GE was closed

[vbjay]

This PR is the pulled out work from #10473 to provide a basic Windows sandbox functionality. While the changes in the GPG pull request adds to the sandbox work to show GPG testing.

[mstv]

I cannot test it due to an error popup (MessageBox) - although I can run WSB from Start menu.
As unfortunately usual, the error message does not contain the "specified" path!

---------------------------
Windows-Sandbox
---------------------------
An error occurred during sandbox configuration. This can occur if invalid settings were passed to the sandbox.

Error 0x80070003. The system cannot find the specified path.

[mstv]

Is this mandatory if WSB is installed?
I can run WSB from Start menu without UAC.

[vbjay]

It is if it has to enable the feature.

[vbjay]

I can see if I can move it to the enable step area.

[mstv]

(My system needed to restart.)

[vbjay]

Ok. I'll add to documentation that it attempts to not require a restart but may require one.

[mstv]

Suggested change

[mstv]

Suggested change

[mstv]

Suggested change

[vbjay]

I cannot test it due to an error popup (MessageBox) - although I can run WSB from Start menu.
As unfortunately usual, the error message does not contain the "specified" path!

---------------------------
Windows-Sandbox
---------------------------
An error occurred during sandbox configuration. This can occur if invalid settings were passed to the sandbox.

Error 0x80070003. The system cannot find the specified path.

Can you confirm you have the folders in Sandbox.wsb file mentioned. I do need to add a message around running script to get psr if someone just double clicks wsb file and wsb can't find psr.exe.

Thanks for testing. Love works on my machine fun.

[mstv]

Can you confirm you have the folders in Sandbox.wsb file mentioned.

I double checked the existence of the 4 folders before.
The relative paths seem to cause the issue. The sandbox starts with absolute paths in Sandbox.wsb.

I forgot to mention my environment

• Microsoft Windows NT 10.0.19045.0 (22H2 Pro)
• .NET 6.0.18

---

This took long, but succeeded including Recording.zip - although:

Copy-Item : Access to the path 'C:\Windows\system32\psr.exe' is denied.
At C:\Users\WDAGUtilityAccount\desktop\wsb\setup.ps1:66 char:1
+ Copy-Item "$env:USERPROFILE\Desktop\wsb\psr.exe" "$env:SystemRoot\sys ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : PermissionDenied: (C:\Users\WDAGUt...top\wsb\psr.exe:FileInfo) [Copy-Item], Unauthorized
   AccessException
    + FullyQualifiedErrorId : CopyFileInfoItemUnauthorizedAccessError,Microsoft.PowerShell.Commands.CopyItemCommand

[mstv]

😉

Suggested change

	<MappedFolder>
	<MappedFolder>

[vbjay]

Can you confirm you have the folders in Sandbox.wsb file mentioned.

I double checked the existence of the 4 folders before.
The relative paths seem to cause the issue. The sandbox starts with absolute paths in Sandbox.wsb.

I forgot to mention my environment

• Microsoft Windows NT 10.0.19045.0 (22H2 Pro)
• .NET 6.0.18

---

This took long, but succeeded including Recording.zip - although:

Copy-Item : Access to the path 'C:\Windows\system32\psr.exe' is denied.
At C:\Users\WDAGUtilityAccount\desktop\wsb\setup.ps1:66 char:1
+ Copy-Item "$env:USERPROFILE\Desktop\wsb\psr.exe" "$env:SystemRoot\sys ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : PermissionDenied: (C:\Users\WDAGUt...top\wsb\psr.exe:FileInfo) [Copy-Item], Unauthorized
   AccessException
    + FullyQualifiedErrorId : CopyFileInfoItemUnauthorizedAccessError,Microsoft.PowerShell.Commands.CopyItemCommand

Yes. It's not a quick tool. It is for repeatable clean machine testing. So yes it has to do setup each time.

Relative paths seem to work in wsb in windows 11. I might have to code it to generate the correct full paths into the wsb file.

It's supposed to run powershell as admin in the sandbox I'll see if I can just adjust the paths so it sees psr.exe in the wsb folder.

Thanks for testing. I'll tweak based on your feedback.

[RussKie]

Thank you @vbjay. I'm still planning to look at this but my workload is pretty high atm.

[vbjay]

Ok @mstv . Can you run through another run. I still have to think about the admin piece. The get optional features requires it and I am trying to make it to where it sets it up for you. I may break apart into setup dev environment script and a warning to setup if sandbox feature not setup. But I kinda liked the idea of the one script just figuring it out for you and installing the feature if needed. Also try the same script in the branch for #10473 The goal is this pr is merged before that branch. But I think I got it to where it won't give you issues with the relative paths and such.

[mstv]

It silently fails to run the LogonCommand.
Manual start of powershell results in:
Version v4.0.30319 of the .NET Framework is not installed and it is required to run version 3 of Windows PowerShell.

Windows 10 Pro 22H2 build 19045.3208
Windows Feature Experience Pack 1000.19041.1000.0

[mstv]

Suggested change

	Write-Error "Must run script as Administrator to install Containers-DisposableClientVM windows optional feature. Once installed, it is not required."
	Write-Error "Must run script as Administrator to install Containers-DisposableClientVM windows optional feature. Once installed, it is not required."

Unfortunately, the latter is not true for the current script anyway (as you mentioned). Get-WindowsOptionalFeature would need to be skipped because it requires higher privileges. A regarding message appears in addition to the misleading "Unsupported Operating System: Windows 10 Pro or Enterprise 1903 or greater required."

[mstv]

Suggested change

	Write-Warning "A windows restart may be required. If it fails to start reboot and attempt again."
	Write-Warning "A windows restart may be required. If it fails to start, reboot and attempt again."

[vbjay]

It silently fails to run the LogonCommand.
Manual start of powershell results in:
Version v4.0.30319 of the .NET Framework is not installed and it is required to run version 3 of Windows PowerShell.

Lovely. It may be a version of this. https://answers.microsoft.com/en-us/windows/forum/all/windows-sandbox-cant-run-powershell/21d50264-b2e8-4eca-b081-a8cc4778e86d

[mstv]

Works well after the Tuesday update (build 19045.3324).

[vbjay]

It silently fails to run the LogonCommand.
Manual start of powershell results in:
Version v4.0.30319 of the .NET Framework is not installed and it is required to run version 3 of Windows PowerShell.

Windows 10 Pro 22H2 build 19045.3208
Windows Feature Experience Pack 1000.19041.1000.0

See #11060 (comment)