by MichaelGG 3713 days ago
The Drawbridge[1] stuff is pretty interesting looking. I really wish MS would ship a simple sandboxing solution, so I can run arbitrary binaries and restrict them. The new Metro app stuff is cute, but doesn't help with the millions of existing binaries. Nor does it seem very user-friendly or useful, for that matter.

1: http://research.microsoft.com/en-us/projects/drawbridge/

2 comments

A UWP sandboxing solution was demoed at Build this year and will ship as part of the Anniversary Update (SDK?). Apparently even Age of Empires II worked under it.

Centennial isn't really a sandbox in the sense I think the poster above you meant - while processes have their reads/writes to certain filesystem/registry locations virtualized by default, this isn't a security boundary as they ultimately run at medium trust and can do anything the user can do.

AppContainer is the security sandbox used by modern apps (aka Metro/UWP). It can be used independently of other aspects of the modern app model - e.g., Chrome uses it to sandbox content processes - although this isn't documented very well (which I guess was what GP was complaining about?) and it seems like trying to sandbox apps that weren't designed to be sandboxed, as GP was wanting, would have inherent compatibility problems?

It's not what you want, but I use Sandboxie to run untrusted stuff. It's a freemium product.

http://www.sandboxie.com/