Can I run Docker Desktop on Windows without admin privileges?

Question

I know I need admin rights to install Docker Desktop; but do I have to be an admin to run it? The documentation doesn't say that I do, and Googling doesn't suggest that either; but if I try to run it as a non-privileged user, the process is killed instantly and I get an event-log entry saying "Process requires elevated rights to run."

I'm running Windows 10 Enterprise in a corporate environment and we have non-privileged accounts. Is Docker Desktop not available in this situation or have I just installed it incorrectly somehow?

score 34 · Answer 1 · answered Oct 04 '20 at 02:29

34

As of Docker Desktop 2.4 (possibly earlier, I haven't tested) this is supported. From the Windows installation instructions:

If your admin account is different to your user account, you must add the user to the docker-users group. Run Computer Management as an administrator and navigate to Local Users and Groups > Groups > docker-users. Right-click to add the user to the group. Log out and log back in for the changes to take effect.

answered Oct 04 '20 at 02:29

Simon Brady

1,877
3
13
10

Note the last instruction from @Simon Brady: "Log out and log back in for the changes to take effect". I did and this worked as advertised. – zielot Feb 14 '22 at 23:43
I'm using `Docker version 20.10.17, build 100c701` and my local user already was member of `docker-users`. Still, when I run any docker command that does something, I get this: `error during connect: This error may indicate that the docker daemon is not running.: Get "http://%2F%2F.%2Fpipe%2Fdocker_engine/v1.24/containers/json?all=1&filters=%7B%22label%22%3A%7B%22com.docker.compose.project%3Ddocker%22%3Atrue%7D%7D&limit=0": open //./pipe/docker_engine: Das System kann die angegebene Datei nicht finden.` (the system couldn't find the named file) – Cadoiz Oct 17 '22 at 06:34

score 13 · Accepted Answer · answered Jan 07 '20 at 13:49

13

I have not tested it, but this article seems to indicate that you can.

TLDR;

Problem

The reason for requiring an admin session is that the Docker client in the default configuration uses a named pipe to connect to the Docker engine and that named pipe can only be accessed by administrators

Solution

To avoid this, you can simple allow your user FullControl access to that named pipe

Original author also provides a powershell tool with sources to help perform this admin task.

answered Jan 07 '20 at 13:49

aboellinger

156
1
6

Excellent - thank you! I have now become fully used to Admin rights over my machine, so am unlikely to try this: but if it does work it's clearly a better solution. – Ed Graham Jan 09 '20 at 14:09
1

Thanks! It worked! (I basically used the (sourcecode of the) tool to give the docker-users group sufficient access to that named pipe) – Peter Pesch May 28 '20 at 15:51
this worked properly. – Juan Vilar Apr 20 '22 at 08:44

score 6 · Answer 3 · answered Nov 29 '19 at 22:58

6

The answer appears to be "no". I couldn't understand how everyone else at work had avoided this problem; but then learnt that they had asked for admin rights over their local machines and been granted them! I've only been here for two and a half years ... :|

answered Nov 29 '19 at 22:58

Ed Graham

4,306
3
30
30

2

The problem with admin rights is (beside the security issues of course) that every single application that you are using to work with a Docker container/image also needs to be with those rights. For example I had to start Visual Studio Code as admin and install all the stuff I needed (and had already installed but for a normal user) so that I can use it in any sane way with Docker. – rbaleksandar Apr 04 '20 at 14:27

score 6 · Answer 4 · edited Oct 18 '22 at 19:57

6

Latest version of Docker desktop allows this, but the user should be in docker-users group.

If you are using Windows 10 Home edition, then adding multiple groups to a normal users will be a pain, even you use 'netplwiz'.

To add a new group to user you can use the below command in Powershell.

Run the powershell as admin, then execute

 net localgroup "docker-users" "<user_name>" /add

edited Oct 18 '22 at 19:57

i_want_more_edits

131
6

answered Jun 04 '21 at 05:24

Rijas Madurakuzhi

1,299
2
9
4

The proposed command also works from a normal cmd – i_want_more_edits Oct 17 '22 at 06:52
This worked for me in Windows 11 Home, which doesn't have a screen for setting local users/groups. – Joe Enos Jan 23 '23 at 15:12

JamesQMurphy · Answer 5 · 2020-03-22T17:47:09.703

3

I am able to run Docker Desktop from a non-administrator account on my Windows 10 machine. I can also issue docker commands from a non-elevated command prompt or PowerShell prompt. Note that my non-administrator account is a member of the local group docker-users.

Initially, I installed it from my administrator account, and things worked as expected, but only if I stayed logged in as administrator. If I wasn't logged in as administrator, I would get the named pipe error that aboellinger described in his answer.

Simply launching C:\Program Files\Docker\Docker\Docker Desktop.exe from my non-administrator account fixed the issue (after waiting a few seconds for the process to start). It didn't even ask to elevate permissions.

edited Mar 22 '20 at 17:47

answered Mar 19 '20 at 15:12

JamesQMurphy

4,214
1
36
41

2

Nope. You can't run `Docker desktop.exe` without admin privileges. At least I can't. And what I see on the internet, you shouldn't be able to run it by default – Kuba Šimonovský Mar 22 '20 at 10:20
@KubaŠimonovský What version are you on, and what error do you get when you run it? I also noticed that my user account, which is definitely *not* an admin account, is part of the `docker-users` account. I’ll remove my account from there and see what happens. – JamesQMurphy Mar 22 '20 at 17:11
1

@KubaŠimonovský When I removed my account from the `docker-users` group, I was unable to launch `Docker desktop.exe`, but the error was very specific: **Docker Desktop - Access Denied** You are not allowed to use Docker. You must be in the "docker-users" group. So I'm guessing that you have a different issue. – JamesQMurphy Mar 22 '20 at 17:50
ahh.. Unfortunately, I can't manipulate with groups and users because of company restrictions. So I can't try it... I have been using docker for a long time and I get used to it running it as admin – Kuba Šimonovský Mar 23 '20 at 07:03
Interesting. My error (an event-log entry saying "Process requires elevated rights to run") was different to James's; I didn't get any indication at all about the `docker-users` group. Maybe they've added that error message to a newer version? – Ed Graham Apr 05 '20 at 17:44
Once you install it, you need to log out and log back in for your membership in the new .\docker-users group to be added to your login token. – sjcaged Nov 08 '20 at 04:50

score 2 · Answer 6 · answered Dec 16 '20 at 21:50

2

The addition of my user account to group docker-users solved my problem. However, since I'm not running Win10 Pro, the GUI access to account control is not available. Instead I ran PowerShell as admin and added my user account to group docker-users there.

answered Dec 16 '20 at 21:50

Doug Hirsch

21
1

Right. You can enable Local User And Group Management in Windows 10 Home using [lusrmgr.exe](https://github.com/proviq/lusrmgr/tree/master/lusrmgr/bin/Release) as I red [here](https://www.itechtics.com/lusrmgr/) – Andrea Mattioli Mar 23 '21 at 22:17

score 1 · Answer 7 · answered Aug 11 '20 at 12:04

Docker is insecure by design, if a user can run docker command without admin rights (.i.e. belongs to docker group) this basically means that this user can escape the container and become admin on the host. No idea how exactly it can be done on Windows but it "just works" on Linux. What is the Docker security risk of /var/run/docker.sock?

Can I run Docker Desktop on Windows without admin privileges?

7 Answers7

TLDR;

Problem

Solution

Linked