I have gotten successful Windows 10 standalone appvm working and template vm working. I have also been able to get qubes-windows-tools to make everything work pretty well with the rest of qubes.
However, I remain very confused about what the advantages are of a Windows Template VM vs a Windows Standalone AppVM. I don’t see what is functionally different about the two, as any AppVM I create from the TemplateVM still opens an entire Windows Desktop Environment identical to opening the Standalone or opening the TemplateVM itself.
Am I missing something? I see the usefulness of being able to just open Edge in an AppVM and have it work exactly like opening Firefox in a Debian or Fedora AppVM. It just isn’t working like that for me.
My apologies for the rather basic question. I’ve just spent too many hours combing the documentation and installing Windows in fifteen different ways to not just ask the community!
AppVMs based on a Windows template will work just as standalones do, but they will have their used directory C:\users stored as Q:\users on a separate virtual disk, if QWT was installed with the Move users directory option. This is a significant improvement regarding their security:
If you get some malware that modifies parts of the Windows software in a standalone, you’re cooked, just like with a native Windows running on bare metal. The same happens if you somehow ruin the software running in or under Windows.
In an AppVM, these changes last only until the next reboot of your VM. After that, you’ll have just a clean copy of the template, and any malware stored somewhere in a Windows or program directory will be gone. So you might even consider doing without a virus scanner.
So I’d recommend always using a template with AppVMs based on it.