Enterprise environment: Set up Windows Subsystem for Linux for your company

As an administrator or manager, you may require all developers to use the same approved software. This consistency helps to create a well-defined work environment. The Windows Subsystem for Linux aids in this consistency by allowing you to import and export custom WSL images from one machine to the next. Read the guide below to learn more about:

Creating a custom WSL image

What is commonly referred to as an "image", is simply a snapshot of your software and its components saved to a file. In the case of the Windows Subsystem for Linux, your image would consist of the subsystem, its distributions, and whatever software and packages are installed on the distribution.

To begin creating your WSL image, first install the Windows Subsystem for Linux.

Once installed, use The Microsoft Store for Business to download and install the Linux distribution that’s right for you. Create an account with the Microsoft Store for Business.

Exporting your WSL image

Export your custom WSL image by running wsl --export <Distro> <FileName>, which will wrap your image in a tar file and make it ready for distribution on to other machines.

Distributing your WSL image

Distribute the WSL image from a share or storage device by running wsl --import <Distro> <InstallLocation> <FileName>, which will import the specified tar file as a new distribution.

Update and patch Linux distributions and packages

Using Linux configuration manager tools is strongly recommended for monitoring and managing Linux user space. There are a host of Linux configuration managers to choose from. Check out this blog post on how to install Puppet in WSL 2.

Enterprise security and control options

Currently, WSL offers limited control mechanisms in regard to modifying the user experience in an Enterprise scenario. Enterprise features continue in development however, below are the areas of supported and unsupported features. To request a new feature not covered in this list, file an issue in our GitHub repo.

Configuring WSL firewall rules

Microsoft implements Firewall protocols used by Windows to maintain security and block unauthorized network traffic flowing into or out of a local device. To optimize protection for devices in your network, configure your Windows Firewall based on best practices.

In regard to WSL, if the local policy merge firewall policy is set to "No" then WSL networking will not work. (For more information, see Establish local policy merge and application rules.)

To change this configuration, you can add the following to Windows firewall settings:

  • Action allow, direction Inbound, Protocol UDP, LocalPort 53, program: %Systemroot%\System32\svchost.exe, service SharedAccess

Also see: WSL has no network connection on my work machine or in an Enterprise environment.


  • Sharing an approved image internally using wsl --import and wsl --export
  • Creating your own WSL distro for your Enterprise using the WSL Distro Launcher repo

Here's a list of features for which we don't yet have support for, but are investigating.

Currently unsupported

Below is a list of commonly asked features that are currently unsupported within WSL. These requests are on our backlog and we are investigating ways to add them.

  • Synchronizing the user inside WSL with the Windows user on the host machine
  • Managing updates and patching of the Linux distributions and packages using Windows tools
  • Having Windows update also update WSL distro contents
  • Controlling which distributions users in your Enterprise can access
  • Running mandatory services (logging or monitoring) inside of WSL
  • Monitoring Linux instances using Windows configuration manager tools such as SCCM or Intune
  • McAfee support