itchio / butler

🎩 Command-line itch.io helper

sandboxing breaks in windows for non-admin users

AlsoBearPerson opened this issue · comments

Trying to use the "Enable itch.io sandbox" option of the itch.io launcher under Windows, from a non-admin user, won't work for me: it consistently fails with a rather uninformative "Sandbox check failed: The parameter is incorrect."

After some code digging, I believe I understand what's breaking here.
To set up the sandbox, we fork out something like "butler.exe --elevate fuji setup" which re-runs itself on administrator permissions before setting up the user.
smaug/fuji stores the credentials of this user in the registry under HKEY_CURRENT_USER/Software/itch/Sandbox.

Now, HKEY_CURRENT_USER is different between the two environments: In the elevated butler, it refers to the registry of the administrator user. In the normal butlerd, it refers to the registry of the normal user. So fuji successfully creates a user, but then stores its credentials in a place the normal butler can't reach.

As a manual workaround, you can run regedit (as administrator) and manually copy/move the relevant registry keys from the admin user's HKEY_USERS subtree to the normal user.

A proper fix may prove a little awkward: We'll have to teach smaug/fuji/credentials.go that it shouldn't use registry.CURRENT_USER but sometimes, in the elevated case, go into another user's tree instead. Which will require explicitly passing that user through --elevate, or detecting the elevated-from user automatically somehow?
Alternatively, we could either generate the credentials up front in the parent and pass them down (passwords on argv might be dodgy?) or have the child write them to stdout rather than to its registry...
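The regedit workaround from the report above as a script, added here as an example; it is not part of the issue or of the butler project. It assumes the two account names are passed in, that both user hives are loaded under HKEY_USERS (the normal user is logged on; the admin hive is loaded because the elevated run just happened), that the key path is `Software\itch\Sandbox` as the report states, and it is run from an elevated PowerShell.

```powershell
# Added example: scripted form of the "copy the keys between HKEY_USERS subtrees"
# workaround. Account names are placeholders supplied by the caller (assumption).
param(
    [Parameter(Mandatory)] [string]$AdminAccount,   # e.g. 'MACHINE\admin'
    [Parameter(Mandatory)] [string]$UserAccount     # e.g. 'MACHINE\player'
)
$ErrorActionPreference = 'Stop'

# Resolve an account name to its SID; HKEY_USERS subtrees are keyed by SID.
function Get-AccountSid([string]$Account) {
    $nt = New-Object System.Security.Principal.NTAccount($Account)
    return $nt.Translate([System.Security.Principal.SecurityIdentifier]).Value
}

$adminSid = Get-AccountSid $AdminAccount
$userSid  = Get-AccountSid $UserAccount

# HKEY_USERS is not exposed as a PowerShell drive by default.
if (-not (Get-PSDrive -Name HKU -ErrorAction SilentlyContinue)) {
    New-PSDrive -Name HKU -PSProvider Registry -Root HKEY_USERS | Out-Null
}

$source     = "HKU:\$adminSid\Software\itch\Sandbox"   # where elevated fuji wrote them
$destParent = "HKU:\$userSid\Software\itch"            # where the normal butler looks
$dest       = "$destParent\Sandbox"

# Both hives must be loaded, and the elevated run must have happened already.
if (-not (Test-Path "HKU:\$userSid")) { throw "Hive for $UserAccount is not loaded" }
if (-not (Test-Path $source)) { throw "No sandbox credentials under $source; run the sandbox setup first" }
if (Test-Path $dest) { throw "$dest already exists; refusing to overwrite it" }

# Copy the Sandbox key (with its values) into the normal user's itch key.
New-Item -Path $destParent -Force | Out-Null
Copy-Item -Path $source -Destination $destParent -Recurse

# Only remove the copy in the admin hive once the new key is verified present.
if (-not (Test-Path $dest)) { throw "Copy failed: $dest not found after Copy-Item" }
Remove-Item -Path $source -Recurse
Write-Host "Moved sandbox credentials from $AdminAccount ($adminSid) to $UserAccount ($userSid)"
```

After running it, restarting the launcher should let the non-elevated butler find the credentials under its own HKEY_CURRENT_USER.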

Thanks for the detailed report. I think you've identified the source of the problem accurately and the proposed fix seems acceptable.

I'm currently reworking the itch/butler interface to make butler a library, so I'm gonna have to rethink the sandboxing somewhat.

One thing that discourages me from spending more time working on the Windows sandbox is I'm not entirely sure it's even the right approach. Unlike the Linux and macOS sandboxes, it's just using another user profile. I would like to find a better approach.

I'll revisit this issue when I'm at the point where sandboxing is the only remaining issue with the new itch/butler interfacing.

I see where you're coming from. I'll see if I can come up with a quick elegant fix (can probably get the actual user from inspecting PPID in the elevated child) but if not, this can stay wonky until the rework.

Windows does have proper containers now, which seem tempting, but they may have licensing issues - also they seem very not-persistent, which won't help people's savegames.

Oh well. Worst case we'll solve it when we need to distill out a smaller "setup itch sandbox" binary for that pure library version.