From f5ebaed61f20084653611c18c941f40d508abd9f Mon Sep 17 00:00:00 2001 From: Craig Gumbley Date: Fri, 27 Sep 2024 18:02:50 +0100 Subject: [PATCH 1/2] msi: FAQ for MDM installs --- content/manuals/desktop/install/msi/faq.md | 32 ++++++++++++++++++++++ 1 file changed, 32 insertions(+) diff --git a/content/manuals/desktop/install/msi/faq.md b/content/manuals/desktop/install/msi/faq.md index f99d10ac00aa..c7c5550b20bc 100644 --- a/content/manuals/desktop/install/msi/faq.md +++ b/content/manuals/desktop/install/msi/faq.md @@ -42,3 +42,35 @@ You can suppress reboots by using the `/norestart` option when launching the ins ```powershell msiexec /i "DockerDesktop.msi" /L*V ".\msi.log" /norestart ``` + +### Why isn't the `docker-users` group populated when the MSI is installed with Intune or another MDM solution? + +It's common for MDM solutions to install applications in the context of the system account. This means that the `docker-users` group isn't populated with the user's account, as the system account doesn't have access to the user's context. + +As an example, you can reproduce this by running the installer with `psexec` in an elevated command prompt: + +```powershell +psexec -i -s msiexec /i "DockerDesktop.msi" +``` +The installation should complete successfully, but the `docker-users` group won't be populated. + +As a workaround, you can create a script that runs in the context of the user account. + +The script would be responsible for creating the `docker-users` group and populating it with the correct user. + +Here's an example script that creates the `docker-users` group and adds the current user to it (requirements may vary depending on environment): + +```powershell +$Group = "docker-users" +$CurrentUser = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name + +# Create the group +New-LocalGroup -Name $Group + +# Add the user to the group +Add-LocalGroupMember -Group $Group -Member $CurrentUser +``` + +> [!NOTE] +> +> After adding a new user to the `docker-users` group, they must log out and log back in for the changes to take effect. \ No newline at end of file From f020082a145625aaa5023a59a5687945329bfe04 Mon Sep 17 00:00:00 2001 From: Craig Gumbley Date: Mon, 30 Sep 2024 09:25:00 +0100 Subject: [PATCH 2/2] Tweak group guidance Co-authored-by: Allie Sadler <102604716+aevesdocker@users.noreply.github.com> --- content/manuals/desktop/install/msi/faq.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/manuals/desktop/install/msi/faq.md b/content/manuals/desktop/install/msi/faq.md index c7c5550b20bc..94565b4c8e6f 100644 --- a/content/manuals/desktop/install/msi/faq.md +++ b/content/manuals/desktop/install/msi/faq.md @@ -73,4 +73,4 @@ Add-LocalGroupMember -Group $Group -Member $CurrentUser > [!NOTE] > -> After adding a new user to the `docker-users` group, they must log out and log back in for the changes to take effect. \ No newline at end of file +> After adding a new user to the `docker-users` group, the user must sign out and then sign back in for the changes to take effect. \ No newline at end of file