diff --git a/codex-rs/core/src/exec.rs b/codex-rs/core/src/exec.rs
index fd5cd7bcdc..47d35af36e 100644
--- a/codex-rs/core/src/exec.rs
+++ b/codex-rs/core/src/exec.rs
@@ -1164,6 +1164,13 @@ pub(crate) fn resolve_windows_elevated_filesystem_overrides(
         return Ok(None);
     }
 
+    if matches!(sandbox_policy, SandboxPolicy::WorkspaceWrite { .. }) {
+        return Err(
+            "windows elevated sandbox cannot enforce workspace-write filesystem boundaries directly; refusing to run unsandboxed"
+                .to_string(),
+        );
+    }
+
     if !should_use_windows_restricted_token_sandbox(
         sandbox,
         sandbox_policy,
diff --git a/codex-rs/core/src/exec_tests.rs b/codex-rs/core/src/exec_tests.rs
index 9d335a81c7..16d3dec2a2 100644
--- a/codex-rs/core/src/exec_tests.rs
+++ b/codex-rs/core/src/exec_tests.rs
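Review bot: The rejection reason in the new `return Err(...)` is a bare string literal that the new test in exec_tests.rs (next hunk) repeats verbatim, so the production message and the assertion can silently drift apart; hoist it into one shared item such as `pub(crate) const WORKSPACE_WRITE_ELEVATED_UNSUPPORTED: &str = "windows elevated sandbox cannot enforce workspace-write filesystem boundaries directly; refusing to run unsandboxed";` and write `return Err(WORKSPACE_WRITE_ELEVATED_UNSUPPORTED.to_string());`, with the test comparing against the same constant. The guard is also the security-relevant part of this change and should carry a why-comment, e.g. `// Fail closed: the elevated sandbox cannot apply workspace-write carveouts, and silently running unsandboxed would grant more write access than the policy allows.` It matches `WorkspaceWrite { .. }` irrespective of `writable_roots` and runs before the `should_use_windows_restricted_token_sandbox` check, which looks deliberately conservative but is worth stating in that comment. `resolve_windows_elevated_filesystem_overrides` begins and ends outside the hunk, so the condition behind the preceding `return Ok(None)` is not visible here.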
@@ -761,6 +761,48 @@ fn windows_elevated_supports_split_write_read_carveouts() {
     );
 }
 
+#[test]
+fn windows_elevated_rejects_workspace_write_boundaries() {
+    let temp_dir = tempfile::TempDir::new().expect("tempdir");
+    let policy = SandboxPolicy::WorkspaceWrite {
+        writable_roots: vec![],
+        network_access: false,
+        exclude_tmpdir_env_var: true,
+        exclude_slash_tmp: true,
+    };
+    let file_system_policy = FileSystemSandboxPolicy::restricted(vec![
+        codex_protocol::permissions::FileSystemSandboxEntry {
+            path: codex_protocol::permissions::FileSystemPath::Special {
+                value: codex_protocol::permissions::FileSystemSpecialPath::Root,
+            },
+            access: codex_protocol::permissions::FileSystemAccessMode::Read,
+        },
+        codex_protocol::permissions::FileSystemSandboxEntry {
+            path: codex_protocol::permissions::FileSystemPath::Special {
+                value: codex_protocol::permissions::FileSystemSpecialPath::project_roots(
+                    /*subpath*/ None,
+                ),
+            },
+            access: codex_protocol::permissions::FileSystemAccessMode::Write,
+        },
+    ]);
+
+    assert_eq!(
+        unsupported_windows_restricted_token_sandbox_reason(
+            SandboxType::WindowsRestrictedToken,
+            &policy,
+            &file_system_policy,
+            NetworkSandboxPolicy::Restricted,
+            &temp_dir.path().abs(),
+            WindowsSandboxLevel::Elevated,
+        ),
+        Some(
+            "windows elevated sandbox cannot enforce workspace-write filesystem boundaries directly; refusing to run unsandboxed"
+                .to_string()
+        )
+    );
+}
+
 #[test]
 fn windows_elevated_rejects_unreadable_split_carveouts() {
     let temp_dir = tempfile::TempDir::new().expect("tempdir");
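Review bot: The new test pins only the `writable_roots: vec![]` case, whereas the guard it exercises matches `SandboxPolicy::WorkspaceWrite { .. }` regardless of its roots; a second policy with a non-empty `writable_roots` (the `temp_dir` path would do, in whatever path type the field takes) asserted against the same reason would document that the refusal does not depend on the carve-out list. The expected `Some(...)` value is a verbatim copy of the literal in exec.rs, so a later wording change in one place will not be caught by the other; comparing against a constant shared with the production code keeps them in lockstep. Whether this test needs the same platform gating as its neighbours cannot be judged from the hunk, since only the adjacent test names are visible.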