Since .NET Core dropped support for sandboxing, Microsoft instead advises to use process/user boundaries for this instead. There's just a little problem with this: You need administrative privileges to create a new user.
Is there any solution for a non-admin application to create a sandbox in which to run untrusted code? Something that would only have read/execute access on the Windows DLL (since those are required for any process to run) and the folder the untrusted code is in?