Follow-up: Need a Group Policy method to disable WSL DNS proxy (dnsProxy)

[ssijbabu]

@OneBlue and Community,

Thank you for the earlier clarification about registry-based configuration precedence (Issue #13599).

This is a follow-up question related to that discussion.

Our organization has an enterprise requirement to disable the WSL DNS proxy (dnsProxy = false) across all managed systems for compliance reasons. Currently, this setting can only be configured in each user’s .wslconfig file, but we need a centrally enforced mechanism so that users cannot override it.

Would it be possible to expose this configuration through Group Policy—for example, by allowing administrators to define a custom policy that WSL recognizes and applies system-wide?

The goal is similar to what was discussed in #13599: enabling administrators to set organization-wide defaults, but in this case specifically for network and DNS-related settings like dnsProxy.

Implementing this would help enterprise IT teams ensure that all WSL instances remain compliant with corporate network and DNS requirements, without relying on user-managed configuration files.

Thanks again for your time and consideration. We’d appreciate any guidance on whether Group Policy support for dnsProxy (or an equivalent enterprise enforcement mechanism) is planned or possible.

[github-actions]

Logs are required for review from WSL team

If this a feature request, please reply with '/feature'. If this is a question, reply with '/question'.
Otherwise, please attach logs by following the instructions below, your issue will not be reviewed unless they are added. These logs will help us understand what is going on in your machine.

How to collect WSL logs

Download and execute collect-wsl-logs.ps1 in an administrative powershell prompt:

Invoke-WebRequest -UseBasicParsing "https://raw.githubusercontent.com/microsoft/WSL/master/diagnostics/collect-wsl-logs.ps1" -OutFile collect-wsl-logs.ps1
Set-ExecutionPolicy Bypass -Scope Process -Force
.\collect-wsl-logs.ps1

The script will output the path of the log file once done.

If this is a networking issue, please use collect-networking-logs.ps1, following the instructions in Collect WSL logs for networking issues

Once completed please upload the output files to this GitHub issue.

See Collect WSL logs (recommended method).

If you choose to email these logs instead of attaching them to the bug, please send them to wsl-gh-logs@microsoft.com with the GitHub issue number in the subject, and include a link to your GitHub issue comment in the message body, and reply with '/emailed-logs'.

[OneBlue]

Thank you @ssijbabu. Could you give a bit more context as to why dnsProxy=false is required for compliance in your organization ?

[microsoft-github-policy-service]

This issue has been automatically closed since it has not had any author activity for the past 7 days. If you're still experiencing this issue please re-file it as a new issue.

Thank you!