sirredbeard
commented
4 years ago So far you have identified GPO to control:
- activation of WSL
- automate upgrades/updates
I would be interested in speaking to you more about what you are looking for. Please drop me an e-mail at hayden dot barnes at canonical dot com.
We are working to improve the experience of deploying Ubuntu on WSL in the enterprise in the coming months. We have some blogs, tutorials, and documentation planned.
When you plan a WSL deployment you have to determine how you are going to upgrade the WSL application container (via Intune, DSIM, third-party endpoint management tools, etc.) and how to upgrade the Linux environment.
The Windows Store/Intune does not update the Linux environment, it must be updated with distro-specific tools.
For Ubuntu we work with clients to manage their Ubuntu WSL environment using Landscape.
Is your feature request related to a problem? Please describe. Unable to control WSL activation in a large enterprise. Due to this we cannot manage vulnerabilities/patching etc.
Describe the solution you'd like A GPO to control if WSL can be activated or not. and/or a way to automate/force upgrades/updates on multiple machines.
Describe alternatives you've considered Blocking via 3rd party or applocker. Neither is ideal.
Additional context WSL makes it hard managing security and patching in a global organisation with many who see the shinny toys but have no understanding of the security aspects. It is a very cool product but it seems enterprise control hasn't been considered.