FAQs for Docker Desktop for Windows
Can I use VirtualBox alongside Docker Desktop?
Yes, you can run VirtualBox along with Docker Desktop if you have enabled the Windows Hypervisor Platform feature on your machine.
Why is Windows 10 or Windows 11 required?
Docker Desktop uses the Windows Hyper-V features. While older Windows versions have Hyper-V, their Hyper-V implementations lack features critical for Docker Desktop to work.
Can I install Docker Desktop on Windows 10 Home?
If you are running Windows 10 Home (starting with build 19045), you can install Docker Desktop for Windows with the WSL 2 backend.
Can I run Docker Desktop on Windows Server?
No, running Docker Desktop on Windows Server is not supported.
Why do I see the Docker Desktop Access Denied error message when I try to start Docker Desktop?
Docker Desktop displays the Docker Desktop - Access Denied error if a Windows user is not part of the docker-users group.
If your admin account is different to your user account, add the docker-users group. Run Computer Management as an administrator and navigate to Local Users and Groups* > Groups > docker-users.
Right-click to add the user to the group. Sign out and sign back in for the changes to take effect.
Why does Docker Desktop fail to start when anti-virus software is installed?
Some anti-virus software may be incompatible with Hyper-V and Windows 10 builds which impact Docker Desktop. For more information, see Docker Desktop fails to start when anti-virus software is installed.
Can I change permissions on shared volumes for container-specific deployment requirements?
Docker Desktop does not enable you to control (chmod)
the Unix-style permissions on
shared volumes for
deployed containers, but rather sets permissions to a default value of
0777
(read, write, execute permissions for user and for
group) which is not configurable.
For workarounds and to learn more, see Permissions errors on data directories for shared volumes.
How do symlinks work on Windows?
Docker Desktop supports two types of symlinks: Windows native symlinks and symlinks created inside a container.
The Windows native symlinks are visible within the containers as symlinks, whereas symlinks created inside a container are represented as mfsymlinks. These are regular Windows files with a special metadata. Therefore the symlinks created inside a container appear as symlinks inside the container, but not on the host.
File sharing with Kubernetes and WSL 2
Docker Desktop mounts the Windows host filesystem under /run/desktop inside the container running Kubernetes.
See the
Stack Overflow post for an example of how to configure a Kubernetes Persistent Volume to represent directories on the host.
How do I add custom CA certificates?
You can add trusted Certificate Authorities (CAs) to your Docker daemon to verify registry server certificates, and client certificates, to authenticate to registries.
Docker Desktop supports all trusted Certificate Authorities (CAs) (root or intermediate). Docker recognizes certs stored under Trust Root Certification Authorities or Intermediate Certification Authorities.
Docker Desktop creates a certificate bundle of all user-trusted CAs based on the Windows certificate store, and appends it to Moby trusted certificates. Therefore, if an enterprise SSL certificate is trusted by the user on the host, it is trusted by Docker Desktop.
To learn more about how to install a CA root certificate for the registry, see Verify repository client with certificates in the Docker Engine topics.
How do I add client certificates?
You can add your client certificates
in ~/.docker/certs.d/<MyRegistry><Port>/client.cert and
~/.docker/certs.d/<MyRegistry><Port>/client.key. You do not need to push your certificates with git commands.
When the Docker Desktop application starts, it copies the
~/.docker/certs.d folder on your Windows system to the /etc/docker/certs.d
directory on Moby (the Docker Desktop virtual machine running on Hyper-V).
You need to restart Docker Desktop after making any changes to the keychain
or to the ~/.docker/certs.d directory in order for the changes to take effect.
The registry cannot be listed as an insecure registry (see
Docker Daemon). Docker Desktop ignores
certificates listed under insecure registries, and does not send client
certificates. Commands like docker run that attempt to pull from the registry
produce error messages on the command line, as well as on the registry.
To learn more about how to set the client TLS certificate for verification, see Verify repository client with certificates in the Docker Engine topics.
How do I switch between Windows and Linux containers
From the Docker Desktop menu, you can toggle which daemon (Linux or Windows) the Docker CLI talks to. Select Switch to Windows containers to use Windows containers, or select Switch to Linux containers to use Linux containers (the default).
For more information on Windows containers, refer to the following documentation:
-
Microsoft documentation on Windows containers.
-
Build and Run Your First Windows Server Container (Blog Post) gives a quick tour of how to build and run native Docker Windows containers on Windows 10 and Windows Server 2016 evaluation releases.
-
Getting Started with Windows Containers (Lab) shows you how to use the MusicStore application with Windows containers. The MusicStore is a standard .NET application and, forked here to use containers, is a good example of a multi-container application.
-
To understand how to connect to Windows containers from the local host, see I want to connect to a container from Windows
Note
When you switch to Windows containers, Settings only shows those tabs that are active and apply to your Windows containers. These are:
If you set proxies or daemon configuration in Windows containers mode, these apply only on Windows containers. If you switch back to Linux containers, proxies and daemon configurations return to what you had set for Linux containers. Your Windows container settings are retained and become available again when you switch back.