Docker for Windows - Access Denied

Question

Docker for Windows - Access Denied

Closed this issue 7 years ago · 23 comments

hmarcelodn commented 7 years ago

Expected behavior

Start Docker Daemon

Actual behavior

I am receiving a message saying:

You are not allowed to use Docker . You must be in the "docker-users" group.

Information

SO: Windows 10 Pro
Docker Version: Docker version 17.06.0-ce, build 02c1d87

Steps to reproduce the behavior

Install Docker
Open Docker for Windows

Answer 1 · 2017-06-29T17:17:06.000Z

Hi @hmarcelodn
Have you restarted your machine after installing docker? There were some security changes in the new version, and you might need to log off or restart for the to take effect.

Answer 2 · 2017-07-03T12:49:10.000Z

Same here.

Docker version: 17.06.0-ce-win18 (12627)
OS: Win 10Pro

One note more: when I launch Docker for Windows as Administrator - all is up and running, but I lost settings as if I was running for a new user.

Answer 3 · 2017-07-03T12:58:37.000Z

Got that finally working. Just add yourself to 'docker-users' group in Computer management.

Answer 4 · 2017-07-03T13:56:47.000Z

Same.

Thanks!

Answer 5 · 2017-08-01T21:43:55.000Z

My ID was already in the 'docker-users' group but there is a note there on the Computer management tool saying that I need to log in again in order to take effect,

I am going to log off and try again,

Answer 6 · 2017-12-17T19:34:16.000Z

You need to add your logon account to Windows group, docker-users. Docker for Window will create this group automatically when docker for Windows is installed.

Steps:

Logon to Windows as Administrator
Go to Windows Administrator Tools
Look for Windows Computer Management and click on it.
Or you can skip steps 1, right mouse clicking Computer Management, go to more, and select run as administrator and provide Administrator password.
Double click docker-users group and add your account as member.
Also add your account to Hyper-V Administrator. This was added when you installed docker for Windows.
Log off from Windows and log back on.
Click on Windows icon on bottom left and start Docker for Windows. This will start docker windows service.
9 Start Windows Powershell and type docker --version. It will show Docker version 17.09.1-ce, build 19e2cf6. This is the latest version.

You are good to go. Now just follow docker getting started to configure docker daemon.

Answer 7 · 2018-01-14T00:51:03.000Z

I just ran into this while trying to upgrade to 17.12.0-ce-win47. That's what I get for clicking the nice pretty upgrade button. Now, my user is already in the docker-users group. Yet, I can't delete the Docker folder.. quite maddening. Time to dig through Windows security BS to get this fixed.

Access to the path 'C:\Program Files\Docker\Docker\Bugsnag.dll' is denied.
   at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath)
   at System.IO.FileStream.Init(String path, FileMode mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy, Boolean useLongPath, Boolean checkHost)
   at System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share, Int32 bufferSize)
   at LightweightInstaller.UnpackArtifactsStep.<DoAsync>d__23.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at LightweightInstaller.InstallWorkflow.<HandleD4WPackage>d__19.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at LightweightInstaller.InstallWorkflow.<ProcessAsync>d__18.MoveNext()

Answer 8 · 2018-01-27T16:08:16.000Z

same issue with 17.12.0-ce-win47. Resolved following @imransdq above; turns out that I was not in the Hyper-V Administrator group

Answer 9 · 2018-02-02T21:39:10.000Z

i've got into this situation many times .. such BS ... also got into jregemibal's situation and had a folder that was undeletable (needed to go into startup mode console and delete the folder)..

Answer 10 · 2018-04-20T18:16:10.000Z

OK, so I am unable to add my user account to the "docker-users" group as it does not exist. I have an Azure AD joined machine.

I have run
C:\WINDOWS\system32>net localgroup docker-users AzureAD\MartinHinshelwoodnkd /add
The command completed successfully.

But this did not work...

I can confirm that my account is in the "docker-users" group, but I get the same Access Denied message. Also with elevation.

Answer 11 · 2018-07-21T12:14:49.000Z

Docker version 18.03.1-ce, build 9ee9f40 still has the issue. All users are added to docker-users group!!!

Answer 12 · 2018-07-23T01:48:06.000Z

Resolved. I must login to active directory and add myself into docker-users group. I was using local account and that's why it failed.

Answer 13 · 2018-07-25T18:21:19.000Z

I tried adding both myself and Admin to Active Directory, still receiving:
'You are not allowed to use Docker . You must be in the "docker-users" group.'
Also receiving:
'error during connect: Get http://%2F%2F.%2Fpipe%2Fdocker_engine/v1.38/version: open //./pipe/docker_engine: The system cannot find the file specified. In the default daemon configuration on Windows, the docker client must be run elevated to connect. This error may also indicate that the docker daemon is not running.' even when running PS in elevated...

Answer 14 · 2019-06-28T11:41:04.000Z

I have a Windows image with docker installed and configured to run on windows start up. My issue occurs when team city spins up a VM instance off of the image that contains docker. As part of this process team city creates a new user account to access the instance. When docker runs on start up I get the error that this new user is not part of the docker-users group. Is there a way to configure my image that knows about docker to say that any new users created should have the ability to run docker.?

Answer 15 · 2019-07-17T21:38:27.000Z

I have run
C:\WINDOWS\system32>net localgroup docker-users AzureAD\MartinHinshelwoodnkd /add
The command completed successfully.

Thanks for the tip! I have an Azure AD joined machine running Windows 10 Pro. But when I tried to add myself to the docker-users group through Computer Management, it only saw my local computer in the domain list, and did not accept my username in the form AzureAD\MyUsername, because it did not recognize the AzureAD domain. For some strange reason, I was able to add myself to the docker-users group by running the above command in an elevated command prompt. After restarting the computer, I was able to start Docker successfully. Awesome!

Answer 16 · 2019-10-09T20:57:45.000Z

Got that finally working. Just add yourself to 'docker-users' group in Computer management.

If by any reason Computer Management UI could not find your AzureAD account here is a script to whick helped me to add myself to the group net localgroup docker-users AzureAD\[UserName] /add

Answer 17 · 2019-11-28T04:32:07.000Z

In case a windows home user stumbles upon this article. The solutions in this thread are for windows Pro users and it does not come with Computer Management UI.
You can, however, use the following powershell commands to get this working.
New-LocalGroup -Name 'docker-users' -Description 'docker Users Group' Add-LocalGroupMember -Group 'Administrators' -Member ('docker-users') –Verbose Add-LocalGroupMember -Group 'docker-users' -Member ('{INSERT YOUR USERNAME HERE}','Administrators') –Verbose

Answer 18 · 2019-12-17T06:56:14.000Z

4. Or you can skip steps 1, right mouse clicking Computer Management, go to more, and select run as administrator and provide Administrator password.

I am also facing same issues on windows. I had follow till 4 setup . but I am unable to find docker user group in window how do I add user group .pls help me out

Answer 19 · 2020-05-29T03:53:18.000Z

With windows 2004 coming out, docker can be run on windows 10 home through wsl 2. Unfortunately, computer management doesn't allow you to manage user groups in windows 10 home. To get around this you can add your user to the docker-users group with:

net localgroup "docker-users" "<your username>" /add

Answer 20 · 2020-06-18T12:26:47.000Z

With windows 2004 coming out, docker can be run on windows 10 home through wsl 2. Unfortunately, computer management doesn't allow you to manage user groups in windows 10 home. To get around this you can add your user to the docker-users group with:
net localgroup "docker-users" "<your username>" /add

Thank you. It works for me

Answer 21 · 2020-07-06T18:16:39.000Z

Just as a side note: I ran into this issue last week (7/4/2020), updating docker worked for me.

Answer 22 · 2020-07-29T16:51:43.000Z

Hi @hmarcelodn
Have you restarted your machine after installing docker? There were some security changes in the new version, and you might need to log off or restart for the to take effect.

Thanks for the tip, I ended in this issue why installing using Chocolatey package manager, doing all by scripting it does show the alert message saying that you need to logout and login neither to restart the machine as it was shown installing manually from the web download.

Hope this helps someone else.

Answer 23 · 2020-08-28T03:00:07.000Z

Closed issues are locked after 30 days of inactivity.
This helps our team focus on active issues.

If you have found a problem that seems similar to this, please open a new issue.

Send feedback to Docker Community Slack channels #docker-for-mac or #docker-for-windows.
/lifecycle locked