Skip to content

Instantly share code, notes, and snippets.

Last active July 17, 2023 00:32
  • Star 5 You must be signed in to star a gist
  • Fork 2 You must be signed in to fork a gist
Star You must be signed in to star a gist
What would you like to do?
Use Windows Sandboxing to be able to install your WinGet manifest. Source:
# Parse Arguments
[Parameter(Mandatory, HelpMessage = "The path for the Manifest.")]
[String] $Manifest
if (-not (Test-Path -Path $Manifest -PathType Leaf)) {
throw 'The Manifest file does not exist.'
# Validate manifest file
# We can't rely on status code until is solved
$validationResult = winget.exe validate $Manifest
if ($validationResult -like '*Manifest validation failed.*') {
throw 'Manifest validation failed.'
# Check if Windows Sandbox is enabled
if (-Not (Test-Path "$env:windir\System32\WindowsSandbox.exe")) {
Write-Error -Category NotInstalled -Message @'
Windows Sandbox does not seem to be available. Check the following URL for prerequisites and further details:
You can run the following command in an elevated PowerShell for enabling Windows Sandbox:
Enable-WindowsOptionalFeature -Online -FeatureName 'Containers-DisposableClientVM'
'@ -ErrorAction Stop
# Set dependencies
$desktopAppInstaller = @{
fileName = 'Microsoft.DesktopAppInstaller_8wekyb3d8bbwe.appxbundle'
url = ''
hash = '11ECD121B5A19E07A545E84BC4DC182BD64A6233C9DE137E10E3016D1527FC1E'
$vcLibs = @{
fileName = 'Microsoft.VCLibs.140.00_14.0.29231.0_x64__8wekyb3d8bbwe.appxbundle'
url = ''
hash = 'E3339B2B40EE2522703FCAA451236653D8B9ACA2B98AE9162C427F978D08139A'
$vcLibsUwp = @{
fileName = 'Microsoft.VCLibs.140.00.UWPDesktop_14.0.29231.0_x64__8wekyb3d8bbwe.appxbundle'
url = ''
hash = '6602159C341BAFEA747D0EDF15669AC72DF8817299FBFAA90469909E06794256'
$dependencies = @($desktopAppInstaller, $vcLibsUwp)
# Initialize Temp Folder
$tempFolder = Join-Path -Path $PSScriptRoot -ChildPath 'SandboxTest_Temp'
New-Item $tempFolder -ItemType Directory -ea 0 | Out-Null
Get-ChildItem $tempFolder -Recurse -Exclude $dependencies.fileName | Remove-Item -Force
Copy-Item -Path $Manifest -Destination $tempFolder
# Download dependencies
$WebClient = New-Object System.Net.WebClient
foreach ($dependency in $dependencies) {
$dependency.file = Join-Path -Path $tempFolder -ChildPath $dependency.fileName
# Only download if the file does not exist, or its hash does not match.
if (-Not ((Test-Path -Path $dependency.file -PathType Leaf) -And $dependency.hash -eq $(get-filehash $dependency.file).Hash)) {
# This downloads the file
Write-Host "Downloading $($dependency.url) ..."
try {
$WebClient.DownloadFile($dependency.url, $dependency.file)
catch {
throw "Error downloading $($dependency.url) ."
if (-not ($dependency.hash -eq $(get-filehash $dependency.file).Hash)) {
throw 'Hashes do not match, try gain.'
# Create Bootstrap script
$manifestFileName = Split-Path $Manifest -Leaf
$bootstrapPs1Content = @"
Set-PSDebug -Trace 1
Add-AppxPackage -Path '$($desktopAppInstaller.fileName)' -DependencyPath '$($vcLibsUwp.fileName)'
winget install -m '$manifestFileName'
$bootstrapPs1FileName = 'Bootstrap.ps1'
$bootstrapPs1Content | Out-File (Join-Path -Path $tempFolder -ChildPath $bootstrapPs1FileName)
# Create Wsb file
$tempFolderInSandbox = Join-Path -Path 'C:\Users\WDAGUtilityAccount\Desktop' -ChildPath (Split-Path $tempFolder -Leaf)
$sandboxTestWsbContent = @"
<Command>PowerShell Start-Process PowerShell -WorkingDirectory '$tempFolderInSandbox' -ArgumentList '-ExecutionPolicy Bypass -NoExit -File $bootstrapPs1FileName'</Command>
$sandboxTestWsbFileName = 'SandboxTest.wsb'
$sandboxTestWsbFile = Join-Path -Path $tempFolder -ChildPath $sandboxTestWsbFileName
$sandboxTestWsbContent | Out-File $sandboxTestWsbFile
Write-Host 'Starting Windows Sandbox and trying to install the manifest file.'
WindowsSandbox $SandboxTestWsbFile
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment