Frequently Asked Questions about Windows Subsystem for Linux

What is Windows Subsystem for Linux (WSL)?

The Windows Subsystem for Linux (WSL) is a feature of Windows 10 that enables you to run native Linux command-line tools directly on Windows, alongside your traditional Windows desktop and apps.

See the about page for more details.

Who is WSL for?

This is primarily a tool for developers, especially web developers, those working on open source projects, or deploying to Linux server environments. WSL is for anyone who likes using Bash, common Linux tools ( sed , awk , etc.) and Linux-first frameworks (Ruby, Python, etc.) but also enjoys using Windows productivity tools

What can I do with WSL?

WSL enables you to run Linux in a Bash shell with your choice of distribution (Ubuntu, Debian, OpenSUSE, Kali, Alpine, etc). Using Bash, you can run command-line Linux tools and apps. For example, type lsb_release -a and hit enter; you’ll see details of the Linux distro currently running:

You can also access your local machine’s file system from within the Linux Bash shell – you’ll find your local drives mounted under the /mnt folder. For example, your C: drive is mounted under /mnt/c :

Could you describe a typical development workflow that incorporates WSL?

WSL targets a developer audience with the intent to be used as part of an inner development loop. Let’s say that Sam is creating a CI/CD pipeline (Continuous Integration & Continuous Delivery) and wants to test it first on a local machine (laptop) before deploying it to the cloud. Sam can enable WSL (& WSL 2 to improve speed and performance), and then use a genuine Linux Ubuntu instance locally (on the laptop) with whatever Bash commands and tools they prefer. Once the development pipeline is verified locally, Sam can then push that CI/CD pipeline up to the cloud (ie Azure) by making it into a Docker container and pushing the container to a cloud instance where it runs on a production-ready Ubuntu VM.

What is Bash?

Bash is a popular text-based shell and command-language. It is the default shell included within Ubuntu and other Linux distros, and in macOS. Users type commands into a shell to execute scripts and/or run commands and tools to accomplish many tasks.

How does this work?

Check out our blog where we go into detail about the underlying technology.

Why would I use WSL rather than Linux in a VM?

WSL requires fewer resources (CPU, memory, and storage) than a full virtual machine. WSL also allows you to run Linux command-line tools and apps alongside your Windows command-line, desktop and store apps, and to access your Windows files from within Linux. This enables you to use Windows apps and Linux command-line tools on the same set of files if you wish.

Why would I use, for example, Ruby on Linux instead of on Windows?

Some cross-platform tools were built assuming that the environment in which they run behaves like Linux. For example, some tools assume that they are able to access very long file paths or that specific files/folders exist. This often causes problems on Windows which often behaves differently from Linux.

Many languages like Ruby and node are often ported to, and run great, on Windows. However, not all of the Ruby Gem or node/NPM library owners port their libraries to support Windows, and many have Linux-specific dependencies. This can often result in systems built using such tools and libraries suffering from build and sometimes runtime errors or unwanted behaviors on Windows.

These are just some of issues that caused many people to ask Microsoft to improve Windows’ command-line tools and what drove us to partner with Canonical to enable native Bash and Linux command-line tools to run on Windows.

What does this mean for PowerShell?

While working with OSS projects, there are numerous scenarios where it’s immensely useful to drop into Bash from a PowerShell prompt. Bash support is complementary and strengthens the value of the command-line on Windows, allowing PowerShell and the PowerShell community to leverage other popular technologies.

Can I run ALL Linux apps in WSL?

No! WSL is a tool aimed at enabling users who need them to run Bash and core Linux command-line tools on Windows.

WSL does not yet support GUI desktops or applications (e.g. Gnome, KDE, etc.) Follow the Command Line Blog for updates.

Also, even though you will be able to run many popular server applications (e.g. Redis), we do not recommend WSL for hosting production services – Microsoft offers a variety of solutions for running production Linux workloads in Azure, Hyper-V, and Docker.

What Windows SKUs is WSL included in?

Windows Subsystem for Linux is available on the desktop version of Windows for Windows 10 Anniversary and Creators update or later.

Beginning in the Fall Creators update WSL will be available on both the desktop and server SKUs of Windows.

What processors does WSL support?

WSL supports x64 and ARM CPUs.

How do I access my C: drive?

Mount points for hard drives on the local machine are automatically created and provide easy access to the Windows file system.

/mnt/ /

Example usage would be cd /mnt/c to access c:\

How do I set up Git Credential Manager? (How do I use my Windows Git permissions in WSL?)

Git Credential Manager enables you to authenticate a remote Git server, even if you have a complex authentication pattern like Azure Active Directory or two-factor authentication. Git Credential Manager integrates into the authentication flow for services like GitHub and, once you’re authenticated to your hosting provider, requests a new authentication token. It then stores the token securely in the Windows Credential Manager. After the first time, you can use git to talk to your hosting provider without needing to re-authenticate. It will just access the token in the Windows Credential Manager.

To set up Git Credential Manager for use with a WSL distribution, open your distribution and enter this command:

Now any git operation you perform within your WSL distribution will use the credential manager. If you already have credentials cached for a host, it will access them from the credential manager. If not, you’ll receive a dialog response requesting your credentials, even if you’re in a Linux console.

How do I use a Windows file with a Linux app?

One of the benefits of WSL is being able to access your files via both Windows and Linux apps or tools.

WSL mounts your machine’s fixed drives under the /mnt/ folder in your Linux distros. For example, your C: drive is mounted under /mnt/c/

Using your mounted drives, you can edit code in, for example, C:\dev\myproj\ using Visual Studio / or VS Code, and build/test that code in Linux by accessing the same files via /mnt/c/dev/myproj .

IMPORTANT NOTE: One of the key limitations of using WSL is that directly accessing/changing files in your Linux distros’ file system using Windows apps or tools is not supported. See: Do not change Linux files using Windows apps and tools

Are files in the Linux drive different from the mounted Windows drive?

Files under the Linux root (i.e. / ) are controlled by WSL which mimics Linux specific behavior, including but not limited to:

• Files which contain invalid Windows filename characters
• Symlinks created for non-admin users
• Changing file attributes through chmod and chown
• File/folder case sensitivity

Files in mounted drives are controlled by Windows and have the following behaviors:

• Support case sensitivity
• All permissions are set to best reflect the Windows permissions

Why are there so many errors when I run apt-get upgrade?

Some packages use features that we haven’t implemented yet. udev , for example, isn’t supported yet and causes several apt-get upgrade errors.

To fix issues related to udev , follow the following steps:

Write the following to /usr/sbin/policy-rc.d and save your changes.

Add execute permissions to /usr/sbin/policy-rc.d

Run the following commands

How do I uninstall a WSL Distribution?

On builds prior to 1709 (16299) open a command prompt and run:

WSL distributions installed from the store can be uninstalled like any other Windows app, by right-clicking on the app tile and clicking Uninstall, or via PowerShell using the Remove-AppxPackage cmdlet).

Why does ping generate permission denied errors?

In WSL builds Properties -> Uncheck «Use legacy console»

Click OK

Why do I get «Error: 0x80040154» when I run bash.exe after upgrading Windows?

The «Windows Subsystem for Linux» feature may be disabled during a Windows update. If this happens the Windows feature must be re-enabled. Instructions for enabling the «Windows Subsystem for Linux» feature can be found in the Installation Guide.

How do I change the display language of WSL?

WSL install will try to automatically change the Ubuntu locale to match the locale of your Windows install. If you do not want this behavior you can run this command to change the Ubuntu locale after install completes. You will have to relaunch bash.exe for this change to take effect.

The below example changes to locale to en-US:

Why do I not have internet access from WSL?

Some users have reported issues with specific firewall applications blocking internet access in WSL. The firewalls reported are:

1. Kaspersky
2. AVG
3. Avast
4. Symantec Endpoint Protection
5. F-Secure

In some cases turning off the firewall allows for access. In some cases simply having the firewall installed looks to block access.

How do I access a port from WSL in Windows?

WSL shares the IP address of Windows, as it is running on Windows. As such you can access any ports on localhost e.g. if you had web content on port 1234 you could https://localhost:1234 into your Windows browser.

How can I back up my WSL distros, or move them from one drive to another?

The best way to backup or move your distros is via the export/import commands available in Windows Version 1809 and later. You can export your entire distribution to a tarball using the wsl —export command. You can then import this distro back into WSL using the wsl —import command, which can name a new drive location for the import, allowing you to backup and save states of (or move) your WSL distributions.

Please note that traditional backup services that backup files in your AppData folders (like Windows Backup) will not corrupt your Linux files.

Where can I provide feedback?

You can share feedback and ask questions through multiple channels.

If you have technical issues, or want to request new features please go to our Github issue tracker:

If you’d like to stay up to date with the latest WSL news you can do so with:

• Our command-line team blog
• Twitter. Please follow @craigaloewen on Twitter to learn of news, updates, etc.

4698(S): A scheduled task was created.

Applies to

• Windows 10
• Windows Server 2016

Event Description:

This event generates every time a new scheduled task is created.

NoteВ В For recommendations, see Security Monitoring Recommendations for this event.

Event XML:

Windows 10 Versions 1903 and above augments the event with these additional properties: Event Version 1. Event XML:

Required Server Roles: None.

Minimum OS Version: Windows Server 2008, Windows Vista.

Event Versions: 0.

Field Descriptions:

Subject:

• Security ID [Type = SID]: SID of account that requested the “create scheduled task” operation. Event Viewer automatically tries to resolve SIDs and show the account name. If the SID cannot be resolved, you will see the source data in the event.

NoteВ В A security identifier (SID) is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see Security identifiers.

Account Name [Type = UnicodeString]: the name of the account that requested the “create scheduled task” operation.

Account Domain [Type = UnicodeString]: subject’s domain or computer name. Formats vary, and include the following:

Domain NETBIOS name example: CONTOSO

Lowercase full domain name: contoso.local

Uppercase full domain name: CONTOSO.LOCAL

For some well-known security principals, such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”.

For local user accounts, this field will contain the name of the computer or device that this account belongs to, for example: “Win81”.

Logon ID [Type = HexInt64]: hexadecimal value that can help you correlate this event with recent events that might contain the same Logon ID, for example, “4624: An account was successfully logged on.”

Task Information:

• Task Name [Type = UnicodeString]: new scheduled task name. The format of this value is “\task_path\task_name”, where task_path is a path in Microsoft Task Scheduler tree starting from “Task Scheduler Library” node:

• Task Content [Type = UnicodeString]: the XML content of the new task. For more information about the XML format for scheduled tasks, see “XML Task Definition Format.”

Security Monitoring Recommendations

For 4698(S): A scheduled task was created.

We recommend monitoring all scheduled task creation events, especially on critical computers or devices. Scheduled tasks are often used by malware to stay in the system after reboot or for other malicious actions.

Monitor for new tasks located in the Task Scheduler Library root node, that is, where Task Name looks like ‘\TASK_NAME’. Scheduled tasks that are created manually or by malware are often located in the Task Scheduler Library root node.

In the new task, if the Task Content: XML contains Password value, trigger an alert. In this case, the password for the account that will be used to run the scheduled task will be saved in Credential Manager in cleartext format, and can be extracted using Administrative privileges.