OpenAI Builds Custom Windows Sandbox for Codex

OpenAI Blog

OpenAI's engineering team faced a significant challenge bringing their Codex coding agent to Windows while maintaining safety and functionality. Unlike macOS and Linux, Windows lacks native sandboxing capabilities comparable to Seatbelt or seccomp, forcing developers to choose between inefficient approval processes and completely unrestricted access to their systems.

After evaluating Windows' built-in options—AppContainer, Windows Sandbox, and Mandatory Integrity Control—the team found each unsuitable. AppContainer was too restrictive for open-ended development workflows, Windows Sandbox required separate environments and wasn't available on all Windows SKUs, and MIC labeling posed broader security risks by altering the fundamental trust model of the user's workspace.

The team developed an "unelevated sandbox" using Windows SIDs and write-restricted tokens. This solution creates a synthetic SID with precisely controlled write permissions, allowing Codex to modify only specific directories while maintaining system security. The approach enables developers to use Codex safely on Windows without sacrificing productivity or requiring administrative privileges.
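A simplified model of the access check that a write-restricted token with a synthetic restricting SID is subject to, added here as an illustration and not code from OpenAI or the original post. It assumes allow-only ACLs with two rights; the SIDs, paths and helper names are constructed for the example.

```python
from dataclasses import dataclass, field

READ, WRITE = 0x1, 0x2  # simplified access rights (assumption: two bits only)

# Constructed sample SIDs; SANDBOX_SID stands in for the "synthetic SID".
USER_SID = "S-1-5-21-1000-1000-1000-1001"
SANDBOX_SID = "S-1-5-21-1000-1000-1000-9999"

@dataclass
class Token:
    sids: set                                           # user and group SIDs
    restricting_sids: set = field(default_factory=set)  # empty = ordinary token

def granted(acl, sids):
    """OR together the rights of every allow ACE whose SID is in `sids`."""
    mask = 0
    for sid, rights in acl:
        if sid in sids:
            mask |= rights
    return mask

def access_check(token, acl, desired):
    """Model of a write-restricted token: every request must pass the normal
    SID check; write bits must also be granted to a restricting SID."""
    if desired & ~granted(acl, token.sids):
        return False
    if token.restricting_sids:
        write_bits = desired & WRITE
        if write_bits & ~granted(acl, token.restricting_sids):
            return False
    return True

# Constructed ACLs: only the workspace carries an ACE for the sandbox SID.
ACLS = {
    r"C:\work\repo": [(USER_SID, READ | WRITE), (SANDBOX_SID, READ | WRITE)],
    r"C:\Users\dev\Documents": [(USER_SID, READ | WRITE)],
    r"C:\other\project": [(SANDBOX_SID, READ | WRITE)],  # user has no ACE
}

def check(token, path, desired):
    return access_check(token, ACLS[path], desired)

agent = Token({USER_SID}, {SANDBOX_SID})  # sandboxed, write-restricted token
user = Token({USER_SID})                  # the developer's normal token

if __name__ == "__main__":
    for path in ACLS:
        print(path, "read:", check(agent, path, READ), "write:", check(agent, path, WRITE))
```

In this model the agent keeps the user's read access everywhere, but a write succeeds only where the ACL names both the user and the synthetic SID, which is why the sandbox can be scoped by adding one ACE to each writable directory.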