Partilhar via


Configuring Docker for Windows Shared Drives / Volume Mounting with AD

If you've had a chance to work with the Docker for Windows beta, you've seen the promise for how much easier this can be compared to VirtualBox.

That said, there are still some issues, thus the beta tag.

One such issue is volume mounting. If you work for an enterprise, you more than likely log into your machine with corporate/domain credentials. When you configure Docker for Windows Shared Drives, you'll get prompted with your credentials.
d4w-shared-drives

You most likely entered your corporate domain account. <domain>\user  and this will work just fine while you're in the office.

However, once you leave the comply/cozy network; like going home to get work done, or at a customer site, you may have noticed volume sharing has stopped working. It may still work if you happen to have everything cached. But, if you restart Moby, reboot your computer; you're SOL. Sitting On Lollipops, as Docker for Windows is unable to re-verify the credentials when it attempts to remount the drives. grrrrr

You might assume you could just use a local user account, and you could, but theirs one extra step that will likely confuse you at first.

  • On Windows 10, hit the start menu (CTRL + ESC)
  • Type "local users" , and launch the Edit local users and groups control panel applet.
  • Add a new user. I use DockerHost
    add-dockerhost-user
  • Set the password policy settings as above
  • Add a password, that you'll remember, but others wont guess. This is an account that will have broad access to your hard drive
  • Add them to the local administrators group
    add-administrator-group

So, that's what I would have assumed would work. And it did, sort of. When I use the handy dandy snippet to test volume mounting, I found I had strange results. Kudos to the docker team for having some fun with XAML and giving such a great visual, that actually functions. Between the professional cartoonist and developers focused on productivity, docker really has the user experience down.
If I ran docker run -v c:/Users:/data alpine ls /data, I noticed I was only seeing a partial list of information. And, it didn't include the directories, or my projects.

It turns out, that since Windows 7, users in the Administrators group don't actually have access to everything. Particularly, the c:\Users\<another user> directory.
To fix this, do the following:

  • [CTRL] + [ALT] + [DEL] and select Switch Users
  • Log in as the DockerHost account you created. In my case, .\DockerHost. Note, you'll need to use .\ to tell Windows you want to login to the local group, not the default domain.
  • Once Windows gracefully welcomes you, navigate to c:\Users\
  • Now, try to open your user folder. The one you typically log in using your corporate credentials
  • You'll notice an interesting dialog coming up that was the "blues clue" to this whole issue.
    grantpermissions
  • Click [Continue] , wait a bit for Windows to apply all the ACLs, and voila. You're now in.

Log out of this local account, and go back to your primary account.

Try the docker command again: docker run -v c:/Users:/data alpine ls /data

Does that directory listing look a bit more accurate?

As with most problems, the answer is quite obvious why it works, once the answer to the puzzle has been viewed. In this case, I don't mind skimming to the back of the book and seeing the answer. I hope this was helpful to you as well

Steve

Comments

  • Anonymous
    June 27, 2016
    Thank you so much for this article. I was lost for an hour and couldn't get a partition to mount because it would not accept the credentials.
  • Anonymous
    August 30, 2016
    Thanks a lot for this! I might add that it seems once you have tried unsuccessfully mounting the shared folder you might need to do a "reset to defaults" in the Docker for Windows settings before you try it again after fixing up the permissions, as otherwise it seems to have created empty directory structure on the HyperV VM that it uses internally.
  • Anonymous
    September 20, 2016
    I followed these instructions and after a few tries the way I made it work was by giving Docker the local computer name as part of the credential (i.e. MYCOMPUTER\DockerHost )
    • Anonymous
      September 20, 2016
      Hi Jose,Yeah, I updated the post to be more specific for how to log into a local account.
      • Anonymous
        September 20, 2016
        oh I maybe I didn't see that when I first read your post. :) thanks for the info nonetheless.
  • Anonymous
    September 26, 2016
    Thanks for this! I was desperately trying to figure this out.
  • Anonymous
    January 09, 2017
    Microsoft, this no longer works. (As usual)Everything I read on this website as well as Docker is always out of date. (And it's not even that old)
    • Anonymous
      January 10, 2017
      Hi Nicholas,First, I apologize for your frustration. This prompted this post: https://blogs.msdn.microsoft.com/stevelasker/2017/01/10/balancing-change-feedback-learning-impact-to-customers-change/ to try and address your feedback. Specific to this post on volume mapping, can you help with what problems you're still seeing? Steve
    • Anonymous
      May 24, 2017
      I tried here with Windows 10 up to date and it works.For security reasons, I need to change my password several times during the year. So creating new user with fixed password to have access to my user is brilliant.Thanks a lot Steve!
  • Anonymous
    May 30, 2017
    I need do this in windows 7 (with Docker Toolbox). Any ideas how can i do it?
    • Anonymous
      May 30, 2017
      Hi Christian,We've considered the support for Windows 7 as well as Visual Studio 2015 support: https://blogs.msdn.microsoft.com/stevelasker/2016/11/22/visual-studio-docker-tools-support-for-visual-studio-2015-2017/While we appreciate there's a segment of customers that are being restricted to stay on Windows 7 due to corporate standards, the need to keep moving forward at a fast pace became a higher priority than maintaining older platforms. Docker is still in an early adopter/adoption phase. Basically, it boils do to: if you're using containers, you're by definition an early adopter. Taking advantage of the improvements of Windows 10 & Docker for Windows, over Docker Toolbox, Visual Studio 2017, over 2015 just became too much to try an maintain older platforms for quickly emerging techs. While I realize it's frustrating, I hope you can appreciate what it would mean to maintain the matrix of techs. Steve
  • Anonymous
    July 27, 2017
    Trying this on windows 10 - no joy so far. Always the same problem:when I go to Shared drives in Docker Settings and check C, then apply, there is a long pause until the check mark clears itself silently. I have created the dummy user account as you suggest &c.Any ideas?BTW:docker run -v c:/Users:/data alpine ls /datadocker: Error response from daemon: An error occured while sharing drive.See 'docker run --help'.
    • Anonymous
      August 04, 2017
      I got the same results as you did on Windows 10 until I chose the option to "Reset credentials..." on the Shared Drives Docker settings.
    • Anonymous
      September 07, 2017
      I had the same issue - a reboot fixed this mysterious issue for me.
  • Anonymous
    August 01, 2017
    My shared drives stopped working after I linked my Microsoft account to my PC. I could not get docker to accept my credentials when trying to share the drive. Once I switched back to a local account things started working again.Probably there is a way to provide the Microsoft account credentials in the dialog, but I didn't figure out how to do that.
  • Anonymous
    October 25, 2017
    To quickly open the "User and groups" type "lusrmgr.msc" in the command command prompt
  • Anonymous
    December 11, 2017
    Hi Steve, I am facing is little different issue than listed here but it is also related to windows shared volumes . I am using docker-compose.yml for launching the docker containers and using windows host volume for storing the application data . All the containers have the restart always flags enabled. When I reboot the host machine (Windows 10 Enterprise ), the containers restart but it appears the volumes are not mounted. Do you know is there any way to fix this problem .
  • Anonymous
    December 30, 2018
    Thank you so much for this! It solved my issue with only the addition that I needed to restart my machine before I could get Docker to accept the newly-created DockerHost user when setting the credentials for drive access under Docker's Shared Drives. Note: Currently using Docker Desktop Community 2.0.0.0-win81 on Windows 10 Pro.