Building A Safe, Effective Sandbox To Enable Codex On Windows
OpenAI, Wednesday, May 13th, 2026
OpenAI developed a custom sandbox for Codex on Windows using SIDs and write-restricted tokens for safe, permission-controlled code execution.
OpenAI's Codex coding agent required a sandbox implementation on Windows to balance safety and usability, as existing Windows isolation tools like AppContainer, Windows Sandbox, and Mandatory Integrity Control labeling were unsuitable for open-ended developer workflows.
The team created a custom "unelevated sandbox" solution using Windows security identifiers (SIDs) and write-restricted process tokens, which allow Codex to run without administrator privileges while limiting file writes to authorized directories and restricting network access.
This approach gives the sandbox a unique identity through synthetic SIDs that don't correspond to real users, and enforces write restrictions by requiring both normal user identity checks and restricted SID list validation before any file modifications. The solution brings a safe and effective Codex experience to Windows users without requiring constant approval prompts or full unrestricted access, matching the safety levels already available on macOS and Linux platforms.