Added a CustomDistributionManifest policy

[craigloewen-msft]

Summary of the Pull Request

Adds a CustomDistributionManifest policy for IT admins to set a distribution manifest via policy.

PR Checklist

• Closes: Enterprise admins can set policy for their WSL Distribution manifest #14235
• Communication: I've discussed this with core contributors already. If work hasn't been agreed, this work might be rejected
• Tests: Not sure if tests are needed
• Localization: All end user facing strings can be localized
• Dev docs: Added/updated if needed
• Documentation updated: I will own updating the docs once it's merged.

Detailed Description of the Pull Request / Additional comments

Adds a CustomDistributionManifest policy to WSL which just acts as an override for the regular value in the registry.

Validation Steps Performed

Ran a VM, set the policy in the VM and validated it works for both URL content and JSON content

[Copilot]

Pull request overview

Adds an enterprise policy (CustomDistributionManifest) allowing IT admins to override WSL’s distribution manifest (URL or inline JSON), and surfaces a user warning when the list is policy-controlled.

Changes:

• Introduces a new WSL policy value name and helper to read string policy values from HKLM\Software\Policies\WSL.
• Updates distribution manifest loading to honor the policy override and adds a PolicyOverridden flag.
• Adds user-facing warnings + localization, and wires the new setting into the Intune/Group Policy ADMX/ADML templates.

Reviewed changes

Copilot reviewed 8 out of 8 changed files in this pull request and generated 4 comments.

Show a summary per file

File	Description
src/windows/inc/wslpolicies.h	Adds CustomDistributionManifest policy name and GetStringPolicyValue helper.
src/windows/common/Distribution.h	Tracks whether the distribution list is overridden by policy.
src/windows/common/Distribution.cpp	Loads manifest from policy (JSON or URL) and refactors filtering/finalization.
src/windows/common/WslInstall.cpp	Emits a user warning when installs use a policy-overridden distribution list.
src/windows/common/WslClient.cpp	Emits a user warning when --list --online uses a policy-overridden list.
localization/strings/en-US/Resources.resw	Adds localized warning string.
intune/en-US/WSL.adml	Adds UI strings/presentation for the new policy.
intune/WSL.admx	Defines the new machine policy and registry value mapping.

[craigloewen-msft]

Added in reviews and tested out with error codes, seems like it looks good:

[Copilot]

Pull request overview

Copilot reviewed 8 out of 8 changed files in this pull request and generated 2 comments.

---

You can also share your feedback on Copilot code review. Take the survey.

[Copilot]

GetStringPolicyValue currently queries only RRF_RT_REG_SZ and doesn’t guard against a 0-byte size result. Elsewhere in the codebase (registry::ReadOptionalString) string reads accept REG_EXPAND_SZ as well and treat Size==0 as not present. Consider mirroring that behavior here (include RRF_RT_REG_EXPAND_SZ, early-return on size==0, and trim using wcsnlen/resize rather than manual null popping) so policy values like "%SystemRoot%..." work and empty values don’t throw.

[Copilot]

ReadFromJsonOrUrl(): when the policy value is all whitespace, first_not_of() returns npos but the code calls ReadFromManifest(value) with the untrimmed whitespace string. This will likely fail URI parsing in a confusing way. Treat whitespace-only values as empty/invalid explicitly (e.g., return an error that the policy is set but empty, or ignore the policy override) instead of attempting a fetch.

Suggested change

	return ReadFromManifest(value);
	// Treat whitespace-only values as no override and fall back to the default manifest URL.
	return ReadFromManifest(c_defaultDistroListUrl);