I need a purpose-built sandbox that runs a full Windows instance yet remains completely subordinate to the host workstation. Think of a cybercafé console: a customer sees a normal Windows desktop, while the operator has silent, behind-the-scenes authority. Core behaviour • A fresh, isolated Windows session is spawned for every user. • I can watch what happens inside that session in real time—keystrokes, screen, processes—without the user being able to tamper. • CPU, RAM, disk and network quotas can be set per session; the moment limits are hit, the sandbox gracefully throttles or terminates the activity. • A light layer of data exchange is still possible (shared folder or API) so I can pull logs or drop in approved files, but the guest cannot reach back to the host outside that channel. Administrative tools All host-side controls must be accessible from a single console: start/stop sessions, snapshot or reset the VM, push software updates, and enforce global policies. Low-level hooks for scripting (PowerShell or Python) are highly desirable so routines can be automated. Deliverables 1. Fully packaged sandbox application or scripted deployment (e.g., Hyper-V, VMware, or bespoke kernel driver—your choice) ready to install on Windows 10/11 Pro. 2. Management console with live activity feed and resource dial-backs. 3. Documentation: setup guide, admin manual, and an outline of the security model showing how limited data sharing is enforced. 4. A short demonstration video proving session creation, monitoring, throttling, and reset functions all work as specified. Acceptance criteria If I can sit at the host, spin up a new user session, watch it, control its resources, and wipe it clean afterward—while the guest remains unaware of my presence—the project is complete. The sandbox will be used exclusively for legitimate supervisory purposes; no malicious intent is involved.