Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Blocked WSL is erroneously referring to "group policy" #12343

Open
GenerAhl opened this issue Dec 4, 2024 · 3 comments
Open

Blocked WSL is erroneously referring to "group policy" #12343

GenerAhl opened this issue Dec 4, 2024 · 3 comments

Comments

@GenerAhl
Copy link

GenerAhl commented Dec 4, 2024

Discussed in #12342

Originally posted by GenerAhl December 4, 2024
When WSL is blocked from running on an EntraID-only device, it erroneously states that it's blocked by "group policy".
image

This should be changed to say "by policy" to cover all types rather than specifically calling out "group policy" which doesn't make sense on a cloud-only device that doesn't have group policies.
@github-actions GitHub Actions
Copy link

github-actions bot commented Dec 4, 2024

Logs are required for review from WSL team

If this a feature request, please reply with '/feature'. If this is a question, reply with '/question'.
Otherwise please attach logs by following the instructions below, your issue will not be reviewed unless they are added. These logs will help us understand what is going on in your machine.

How to collect WSL logs

Download and execute collect-wsl-logs.ps1 in an administrative powershell prompt:

Invoke-WebRequest -UseBasicParsing "https://raw.githubusercontent.com/microsoft/WSL/master/diagnostics/collect-wsl-logs.ps1" -OutFile collect-wsl-logs.ps1
Set-ExecutionPolicy Bypass -Scope Process -Force
.\collect-wsl-logs.ps1

The script will output the path of the log file once done.

If this is a networking issue, please use collect-networking-logs.ps1, following the instructions here

Once completed please upload the output files to this Github issue.

Click here for more info on logging
If you choose to email these logs instead of attaching to the bug, please send them to [email protected] with the number of the github issue in the subject, and in the message a link to your comment in the github issue and reply with '/emailed-logs'.

@b-cpu
Copy link

b-cpu commented Dec 10, 2024

"Local" group policy is what it would say if it was referring to group policy applied at the machine level

Pretty sure the message is fine

@GenerAhl
Copy link
Author

@b-cpu In this case there are no group policies in play, neither local ones nor those supplied from Active Directory. The WSL is configured through an MDM-policy which is different from a group policy. Therefore, if the runtime isn't checking where the policy is coming from, it should say "policy" to include all alternatives (Local policy, group policy, MDM policy)

The supported policy types are documented here: Support
"Control access to WSL and its key security settings with Intune or group policy", this should be reflected in the runtime as well.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@b-cpu @GenerAhl