Forums
VHT Forums
How-To's
Docker desktop on w...
 
Share:
Notifications
Clear all

Docker desktop on windows server 2022 in AWS Ec2 instance

 
Page 2 / 2
    Last Post
RSS

Posts: 8
 Anshul Kapoor
Topic starter
Jan 23, 2024 10:25 pm
(@anshulkapoor)
Active Member
Joined: 1 year ago

 

image

yes, we are trying to test the application on widows server before deplying to AWS ECS 

new issue

i have installed the dockerusing below command in powershell as administrator 

only user who are part of administrator group can ablw to run the docker command

.\install-docker-ce.ps1

but user who are added in remote desktop user are not able run docker commands and getting access denied error

And when remote desktop user run powershell as administrator they got an error @The app has been blocked by your administrator 

How we can give access to remote user to access powershell as administrator withour adding them in admin group 

i am attaching both the error for your reference 

.\install-docker-ce.ps1
image
Reply
1 Reply
Brandon Lee
 Brandon Lee
Admin
(@brandon-lee)
Joined: 15 years ago

Member
Posts: 537
Jan 24, 2024 12:23 pm
Reply toAnshul Kapoor

@anshulkapoor I did some digging on this one. The issue relates to permissions to the Docker daemon. I was able to reproduce your error on a Windows Server 2022 host I have in my lab environment. 

2024 01 24 7 40 33

The solution involves just a few steps. First, you need to create the local Windows group docker-users. Then place the user you want to be able to run Docker in this group.

2024 01 24 7 41 25

Next, you need to create a daemon.json file in this path: C:\ProgramData\docker\config. The contents of the file will contain the following:

{
    "group": "docker-users"
}
2024 01 24 11 25 56

Save the file with those contents, and then restart your Docker Engine:

image

Now, you should be able to run Docker commands as an underprivileged user without the need to launch PowerShell as an admin:

2024 01 24 11 17 16

 

Reply
Posts: 8
 Anshul Kapoor
Topic starter
Jan 24, 2024 1:17 pm
(@anshulkapoor)
Active Member
Joined: 1 year ago

 

image

i have verified these steps and found these already exist. Please find attached screenshot.

the inlt difference is these are AD user not the local user. Does that create any difference?

image
image
image
Reply
1 Reply
Brandon Lee
 Brandon Lee
Admin
(@brandon-lee)
Joined: 15 years ago

Member
Posts: 537
Jan 24, 2024 1:22 pm
Reply toAnshul Kapoor

@anshulkapoor I will test on my side as well and see if it makes a difference with domain users.

Reply
Posts: 8
 Anshul Kapoor
Topic starter
Jan 24, 2024 2:41 pm
(@anshulkapoor)
Active Member
Joined: 1 year ago

Thanks the daemon.json config was like this before attached screen shot

i tried both ways host and adding tcp and only with group as well

 

both ways its not working

image

 

Reply
1 Reply
Brandon Lee
 Brandon Lee
Admin
(@brandon-lee)
Joined: 15 years ago

Member
Posts: 537
Jan 24, 2024 9:38 pm
Reply toAnshul Kapoor

@anshulkapoor I have tested with a domain user who is a non-admin added to the local "docker-users" group, and it works for me.

2024 01 24 20 36 10
2024 01 24 20 34 56

Just curious, are you sure the Docker service was restarted after creating and making the changes to the daemon.json file?

Reply
Posts: 8
 Anshul Kapoor
Topic starter
Jan 24, 2024 10:37 pm
(@anshulkapoor)
Active Member
Joined: 1 year ago

Yes I restarted the service and reboot the server as well but not working 

  • when I added the domain user into adminstrator it is working fine.
Reply
2 Replies
 Anshul Kapoor
(@anshulkapoor)
Joined: 1 year ago

Active Member
Posts: 8
Jan 24, 2024 10:51 pm
Reply toAnshul Kapoor

Also prior to command line docker installation I was trying to install docker desktop in windows server 2022 was might be conflicting with docker user

Reply
Brandon Lee
 Brandon Lee
Admin
(@brandon-lee)
Joined: 15 years ago

Member
Posts: 537
Jan 25, 2024 8:19 am
Reply toAnshul Kapoor

@anshulkapoor That could be. Do you still show Docker Desktop installed on the Server in programs and features currently? Also, have you tested with a non-admin local user? Do you see the same behavior?

Reply
Brandon Lee
Posts: 537
 Brandon Lee
Admin
Jan 25, 2024 12:43 pm
(@brandon-lee)
Member
Joined: 15 years ago

@anshulkapoor also, you can use Process monitor from Sysinternals to see where the exact Access Denied entries are coming from. 

LEARN.MICROSOFT.COM "https://learn.microsoft.com/en-us/sysinternals/downloads/procmon"
Process Monitor - Sysinternals | Microsoft Learn
Monitor file system, Registry, process, thread and DLL activity in real-time.

Logged in as an administrator in one session on your server, start a process monitor capture. Try to run a Docker command where you see the error in another session for an end-user. 

Once the error happens, stop the Process Monitor capture. Then search for "access denied" using the search function.

2024 01 25 11 40 47

This should allow seeing what is getting the permissions error. Note there may be several entries in the results.

Reply
Page 2 / 2
Forum Jump:
  Previous Topic
Next Topic  

Currently viewing this topic 1 guest.

VMware Compatible Mini PCs

As an Amazon Associate & B&H Affiliate, I earn from qualifying purchases.

New Mac M3 and M4 Releases!

Proxmox Server Build 2025

As an Amazon Associate, I earn from qualifying purchases.