Forums
VHT Forums
How-To's
Docker desktop on w...
 
Notifications
Clear all

Docker desktop on windows server 2022 in AWS Ec2 instance

 
Page 2 / 2
How-To's
Last Post by Brandon Lee 10 months ago
17 Posts
2 Users
2 Reactions
1,431 Views
RSS
Posts: 8
 Anshul Kapoor
Topic starter
Jan 23, 2024 9:25 pm
(@anshulkapoor)
Active Member
Joined: 10 months ago

ย 

image

yes, we are trying to test the application on widows server before deplying to AWS ECSย 

new issue

i have installed the dockerusing below command in powershell as administratorย 

only user who are part of administrator group can ablw to run the docker command

.\install-docker-ce.ps1

but user who are added in remote desktop user are not able run docker commands and getting access denied error

And when remote desktop user run powershell as administrator they got an error @The app has been blocked by your administratorย 

How we can give access to remote user to access powershell as administrator withour adding them in admin groupย 

i am attaching both the error for your referenceย 

.\install-docker-ce.ps1
image
Reply
1 Reply
Brandon Lee
 Brandon Lee
Admin
(@brandon-lee)
Joined: 14 years ago

Member
Posts: 397
Jan 24, 2024 11:23 am
Reply toAnshul Kapoor

@anshulkapoor I did some digging on this one. The issue relates to permissions to the Docker daemon. I was able to reproduce your error on a Windows Server 2022 host I have in my lab environment.ย 

2024 01 24 7 40 33

The solution involves just a few steps. First, you need to create the local Windows group docker-users. Then place the user you want to be able to run Docker in this group.

2024 01 24 7 41 25

Next, you need to create aย daemon.json file in this path: C:\ProgramData\docker\config. The contents of the file will contain the following:

{
    "group": "docker-users"
}
2024 01 24 11 25 56

Save the file with those contents, and then restart your Docker Engine:

image

Now, you should be able to run Docker commands as an underprivileged user without the need to launch PowerShell as an admin:

2024 01 24 11 17 16

ย 

Reply
Posts: 8
 Anshul Kapoor
Topic starter
Jan 24, 2024 12:17 pm
(@anshulkapoor)
Active Member
Joined: 10 months ago

ย 

image

i have verified these steps and found these already exist. Please find attached screenshot.

the inlt difference is these are AD user not the local user. Does that create any difference?

image
image
image
Reply
1 Reply
Brandon Lee
 Brandon Lee
Admin
(@brandon-lee)
Joined: 14 years ago

Member
Posts: 397
Jan 24, 2024 12:22 pm
Reply toAnshul Kapoor

@anshulkapoor I will test on my side as well and see if it makes a difference with domain users.

Reply
Posts: 8
 Anshul Kapoor
Topic starter
Jan 24, 2024 1:41 pm
(@anshulkapoor)
Active Member
Joined: 10 months ago

Thanks the daemon.json config was like this before attached screen shot

i tried both ways host and adding tcp and only with group as well

ย 

both ways its not working

image

ย 

Reply
1 Reply
Brandon Lee
 Brandon Lee
Admin
(@brandon-lee)
Joined: 14 years ago

Member
Posts: 397
Jan 24, 2024 8:38 pm
Reply toAnshul Kapoor

@anshulkapoor I have tested with a domain user who is a non-admin added to the local "docker-users" group, and it works for me.

2024 01 24 20 36 10
2024 01 24 20 34 56

Just curious, are you sure the Docker service was restarted after creating and making the changes to the daemon.json file?

Reply
Posts: 8
 Anshul Kapoor
Topic starter
Jan 24, 2024 9:37 pm
(@anshulkapoor)
Active Member
Joined: 10 months ago

Yes I restarted the service and reboot the server as well but not workingย 

  • when I added the domain user into adminstrator it is working fine.
Reply
2 Replies
 Anshul Kapoor
(@anshulkapoor)
Joined: 10 months ago

Active Member
Posts: 8
Jan 24, 2024 9:51 pm
Reply toAnshul Kapoor

Also prior to command line docker installation I was trying to install docker desktop in windows server 2022 was might be conflicting with docker user

Reply
Brandon Lee
 Brandon Lee
Admin
(@brandon-lee)
Joined: 14 years ago

Member
Posts: 397
Jan 25, 2024 7:19 am
Reply toAnshul Kapoor

@anshulkapoor That could be. Do you still show Docker Desktop installed on the Server in programs and features currently? Also, have you tested with a non-admin local user? Do you see the same behavior?

Reply
Brandon Lee
Posts: 397
 Brandon Lee
Admin
Jan 25, 2024 11:43 am
(@brandon-lee)
Member
Joined: 14 years ago

@anshulkapoor also, you can use Process monitor from Sysinternals to see where the exact Access Denied entries are coming from.ย 

https://learn.microsoft.com/en-us/sysinternals/downloads/procmon

Logged in as an administrator in one session on your server, start a process monitor capture. Try to run a Docker command where you see the error in another session for an end-user.ย 

Once the error happens, stop the Process Monitor capture. Then search for "access denied" using the search function.

2024 01 25 11 40 47

This should allow seeing what is getting the permissions error. Note there may be several entries in the results.

Reply
Page 2 / 2
Forum Jump:
  Previous Topic
Next Topic  
© Copyright 2024, All Rights Reserved  | VirtualizationHowto.com