Deploy Windows Subsystem for Linux

What is the Windows Susbsystem for Linux?

As per the Microsoft Documentation, The Windows Subsystem for Linux (WSL) is a new Windows 10 feature that enables you to run native Linux command-line tools directly on Windows, alongside your traditional Windows desktop and modern store apps.

Now what does that mean? Can you run a full Linux setup in this way? Well the answer to that is NO unfortunately not. This tool is designed for developers and other users who use bash and other common Linux tools.

I won’t go on as all of the information about WSL is in the link on the Microsoft Documentation text above.

I will however provide the two scripts I use and wrote (nothing special just a couple of lines) for deployment and detection and demonstrate how to deploy with MEMCM.

Once the subsystem is installed it doesn’t mean that a Linux distribution is automatically installed. You can access these distributions via the Public Microsoft Store, however if you use this in an Enterprise and would like them added to your Enterprise Store you will need to contact your Store Admin. I will touch on how to add these just for simple convenience.

(Un)Installation Script

The script below can be used to both Enable and Disable the Windows Subsystem for Linux depending on what command line switch you specify. As mentioned this is not a complex script and it is easily edited for other Windows Optional Features

<#
.SYNOPSIS
  This script is used to Enable and Disable the Windows Subsystem for Linux Depending on the command line switch it is called with
.DESCRIPTION
  This script is used to Enable and Disable the Windows Subsystem for Linux Depending on the command line switch it is called with
.PARAMETER Enable
    Enables the Windows Subsystem for Linux
.PARAMETER Disable
    Disables the Windows Subsystem for Linux
.INPUTS
  None
.OUTPUTS
  None
.NOTES
  Version:        1.0
  Author:         David Brook
  Creation Date:  13/08/2020
  Purpose/Change: Initial script creation
  
.EXAMPLE
  Windows_SubSystem_for_Linux.ps1 -Enable
#>

param (
    [switch]
    $Enable,
    [switch]
    $Disable,
    [switch]
)

IF ($Enable) {
    Enable-WindowsOptionalFeature -Online -FeatureName "Microsoft-Windows-Subsystem-Linux" -All -NoRestart
}

IF ($Disable) {
    Disable-WindowsOptionalFeature -Online -FeatureName "Microsoft-Windows-Subsystem-Linux" -NoRestart
}

Detection Script

The script below can be for detection of the Windows Subsystem for Linux. I did try to use the Get-WindowsOptionalFeature -Online however it seemed to never be detected.

IF ( Get-WmiObject -Class Win32_OptionalFeature | Where-Object {($_.Name -Match "Microsoft-Windows-Subsystem-Linux") -and ($_.InstallState -eq 1)} ){
  $True
}

MEMCM Application

Head over to your Software Library and Start Creating an application in your desired folder

  • General Tab - Select Manually Specify the application information
  • General Information - Input your desired information, I called this Windows Subsystem for Linux but this is entirely your choice
  • Software Center - Check the information and upload an icon if you would like, I used the below feel free to save it :D

  • Deployment Types - Click Add
  • Deployment Type - General - Change the Type to Script Installer
  • Deployment Type - General Information - Provide a name and admin comments for your deployment type
  • Deployment Type - Content
    • Content Location - Select your content location (Where you saved the PowerShell Script)
    • Installation Program - Powershell.exe -ExecutionPolicy Bypass -File "..ps1" -Enable
    • Uninstall Program - Powershell.exe -ExecutionPolicy Bypass -File "..ps1" -Disable
  • Deployment Type - Detection Method - Select Use custom script to detect the presence of this deployment type and click Edit
    • Script Type - PowerShell
    • Script Content - Use the detection method script above
  • Deployment Type - User Experience
    • Installation Behavior - Install for System (Leave the reset as default or change as you desire)
  • Deployment Type - Requirements - Add any requirements you want it to meet (The application does not require anything to install)
  • Deployment Type - Dependencies - Add any dependencies you want it to meet (The application does not require any to install)
Finish both of the off the dialog windows through the summary panes and then deploy the applications to your desired collections.

As mentioned above you will need to use a Linux distribution to use with the Windows Subsystem for Linux which are available in the Microsoft Store.

Intune Application

Please see Creating Intune Win32 Apps for creating an Intune Win32 App Package.

  • Select Apps from the navigation pane
  • Select All Apps, Click Add
  • Select App type Other>Windows app (Win32), Click Select
  • Click Select app package file, Click the Blue Folder icon to open the browse windows
  • Select the .intunewin file you have created containing a copy of the script above, Click Open and then click OK
  • Fill out the Name and Publisher mandatory fields, and any other fields you desire
  • Upload an icon if you desire, I would recommend doing this if you are deploying this to users via the Company Portal
  • Click Next
  • Enter your install command powershell.exe -executionpolicy bypass ".\<Script Name.ps1>" -Enable
  • Enter your uninstall command powershell.exe -executionpolicy bypass ".\<Script Name.ps1>" -Disable
  • Select your install behavior as System
  • Select your desired restart behavior, Adding custom return codes if required

    WSL Does require a reboot to function, so please bear that in mind.

  • Click Next
  • Complete your OS Requirements, At a minimum you need to specify the Architecture (x86/x64) and the minimum OS Version (e.g. 1607/1703 etc.)
  • Click Next
  • For Detection rules, select Use a custom detection script
    • Script File: Browse to a copy of the Detection Script provided above.
  • Assign the application to your desired group

If you want to display the app in the company portal, it MUST be assigned to a group containing that user. Required Assignments will force the app to install, whereas Available will show this in the Company Portal. Click Next

  • Click Create

Microsoft Store For Business

The assignments are only user targeted, if you use groups and only the device you are using is in that group and not the user nothing will appear in the store.

The Linux Distributions are available in the Microsoft Store for Business (MSfB), you and/or your company may restrict what apps can be installed from the store.

Below is a run down on how to deploy these Distros to Azure AD/Microsoft 365 Groups.

We will also look at how to deploy these in Offline mode.

To get started launch the Microsoft Store for Business page.

  • Click Sign in in the top right-hand corner and complete the sign-in process
  • Type Linux in the search bar

You will receive the WSL Distros at the top if you use the Developer Tools category filter

Image

  • Click on the Distro you would like to use/deploy
  • Select you Licence Type, See Microsoft Documentation, Click Get App.
  • Select the drop down below for your method of distribution.
Online

This option allows you to publish the Distro to the Microsoft Private Store.

  • Click the Ellipses (…) next to the Install button, Select Manage
  • See the options in the drop downs below
Users

I would suggest using groups instead of assigning this to individual users. Please see the Private store availability section below

If you want to deploy the application to just a specific user(s), you can just add them individually.

  • Click Assign to Users
  • Enter their Name or Email Address
  • Select the User
  • Click Assign
  • Wait for the process to complete, click Close
Private store availability

I would suggest using Specific Groups for the distros, As this have a requirement of WSL been enabled, unless you deploy this as a required deployment.

No one

Make sure you remove it from any Users in the users tab if you want to ensure No One has access to it.

If you want to stop deploying the application, you simply have to select No one. No options for confirmation, it just removes ot from the Microsoft Store.

Everyone
If you want to deploy the application to your whole organisation, you simply have to select Everyone. No options for confirmation, it just makes this available in the Microsoft Store.
Specific Groups

If you want to deploy the application to a group of Users select Specific Groups.

  • Click Assign Groups
  • Enter the Name of the group
  • Select the Group
  • Click Add Groups

Offline

This option allows you to download the AppX Package for installation with DISM, PowerShell CmdLets or your MDM Provider.

  • Click Manage
  • Select your Platform, Minimum Version, Architecture, App Metadata
  • You will then see something like the image below, this contains the Package Identity Name, Package family name, Package full name, Package format and the Supported architectures. Image
  • Click Download

I will demonstrate how to install this using PowerShell, however, please see the Distribute Offline Apps Microsoft Documentation for alternative methods.

  • Launch a Admin PowerShell console
  • Browse to the directory the AppXBundle is stored
  • Type Add-AppxPackage -Path .\<PackageName>.AppxBundle, Hit Enter
  • The distro is now installed

You can check that the distro is installed by using the Package Identity Name.
Get-AppxPackage -Name <Package Identity Name


  • Distribute the content using your preferred method
  • The Distro will now appear in your Start Menu

To Enable WSL for use the device must be restarted, If you see the below message, WSL is either not installed or your device is pending a reboot.
Image

Summary

I hope that you find this useful if you ever need to deploy WSL. If you have any questions please do not hesitate to reach out using the Contact page or in the comment section below.

I had to use WSL the other day when deploying Docker Desktop as a dependency, the script came in handy for sure.

comments powered by Disqus