microsoft / WSL

Issues found on WSL
https://docs.microsoft.com/windows/wsl
MIT License
17.51k stars 823 forks source link

Intune WSL Policy networking configuration suggestion #11858

Open JeffsRealm opened 3 months ago

JeffsRealm commented 3 months ago

Is your feature request related to a problem? Please describe. Yes, the problem is that the Intune WSL Settings catalog has just networking configuration on or off. However, this is a little broad. As an admin I really want to allow my users to do as much as they can but security sometimes get in the way. I have some that want to use mirrored networking, and some that want NAT. For me that is not a security issue. Let them choose. However I have to turn custom networking on. Which unfortunately also allows then to turn off autoproxy. That I do not want them to do as I consider that a security risk. Right now the forced proxy config makes them go through our network virus scanning and filtering and so on.

Describe the solution you'd like I would like a few more detailed policy setting inside WSL. to support WSL in the corporation. Right now there is only one one under networking configuration that is causing issues. So my solution I would like to see is a configuration that works with WSL in intune that allows admins to maintain networking security option but other options like Mirrored mode or NAT mode be configurable separately. I would make this an option to set the machines to Mirrored mode, Nat Mode, or User Configurable. I only suggest this as some corporations will want Mirrored, some will want Nat, some will want both.

Describe alternatives you've considered So right now, the only option is build an entire separate policy for uses that want mirrored mode. They have to sign a policy exception request then I can add them to a group that has all the networking features enable in order to use Mirrored mode. I Can do it but there is a potential security hole, and kind of a pain for end users and more configuration to maintain.

Additional context While this is the only one we have run into, there are several settings where we just plain disable parts of WSL, because there only the few settings that are all or nothing. This would be nice to break out more settings to allow them to be configured as needed.

Thanks, I am not sure if this is the right place for this suggestion as I do not know if Microsoft WSL also Works with Intune Settings Catalog or created them or if this was created due to some limitation on WSL configurations.

github-actions[bot] commented 3 months ago

Logs are required for review from WSL team

If this a feature request, please reply with '/feature'. If this is a question, reply with '/question'. Otherwise please attach logs by following the instructions below, your issue will not be reviewed unless they are added. These logs will help us understand what is going on in your machine.

How to collect WSL logs Download and execute [collect-wsl-logs.ps1](https://github.com/Microsoft/WSL/blob/master/diagnostics/collect-wsl-logs.ps1) in an **administrative powershell prompt**: ``` Invoke-WebRequest -UseBasicParsing "https://raw.githubusercontent.com/microsoft/WSL/master/diagnostics/collect-wsl-logs.ps1" -OutFile collect-wsl-logs.ps1 Set-ExecutionPolicy Bypass -Scope Process -Force .\collect-wsl-logs.ps1 ``` The script will output the path of the log file once done. If this is a networking issue, please use [collect-networking-logs.ps1](https://github.com/Microsoft/WSL/blob/master/diagnostics/collect-networking-logs.ps1), following the instructions [here](https://github.com/microsoft/WSL/blob/master/CONTRIBUTING.md#collect-wsl-logs-for-networking-issues) Once completed please upload the output files to this Github issue. [Click here for more info on logging](https://github.com/microsoft/WSL/blob/master/CONTRIBUTING.md#8-collect-wsl-logs-recommended-method) If you choose to email these logs instead of attaching to the bug, please send them to wsl-gh-logs@microsoft.com with the number of the github issue in the subject, and in the message a link to your comment in the github issue and reply with '/emailed-logs'.

View similar issues

Please view the issues below to see if they solve your problem, and if the issue describes your problem please consider closing this one and thumbs upping the other issue to help us prioritize it!

Closed similar issues:

Note: You can give me feedback by thumbs upping or thumbs downing this comment.

JeffsRealm commented 3 months ago

/feature

github-actions[bot] commented 3 months ago
Diagnostic information ``` Found '/feature', adding tag 'feature' ```