publish updates from main (#22892)

Automated pull request for publishing docs updates.

---------

Co-authored-by: Allie Sadler <[email protected]>
Co-authored-by: Andreas Heck <[email protected]>
Co-authored-by: aevesdocker <[email protected]>

Author: aevesdocker

content/manuals/desktop/troubleshoot-and-support/troubleshoot/topics.md

@@ -462,6 +462,38 @@ The Virtual Machine Management Service failed to start the virtual machine 'Dock
 
 Try [enabling nested virtualization](/manuals/desktop/setup/vm-vdi.md#turn-on-nested-virtualization).
 
+### Docker Desktop with Windows Containers fails with "The media is write protected""
+
+#### Error message
+
+`FSCTL_EXTEND_VOLUME \\?\Volume{GUID}: The media is write protected`
+
+#### Cause
+
+If you're encountering failures when running Docker Desktop with Windows Containers, it might be due to
+a specific Windows configuration policy: FDVDenyWriteAccess.
+
+This policy, when enabled, causes Windows to mount all fixed drives not encrypted by BitLocker-encrypted as read-only.
+This also affects virtual machine volumes and as a result, Docker Desktop may not be able to start or run containers
+correctly because it requires read-write access to these volumes.
+
+FDVDenyWriteAccess is a Windows Group Policy setting that, when enabled, prevents write access to fixed data drives that are not protected
+by BitLocker. This is often used in security-conscious environments but can interfere with development tools like Docker.
+In the Windows registry it can be found at `HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Policies\Microsoft\FVE\FDVDenyWriteAccess`.
+
+#### Solutions
+
+Docker Desktop does not support running Windows Containers on systems where FDVDenyWriteAccess is enabled. This setting interferes with the
+ability of Docker to mount volumes correctly, which is critical for container functionality.
+
+To use Docker Desktop with Windows Containers, ensure that FDVDenyWriteAccess is disabled. You can check and change this setting in the registry or through Group Policy Editor (`gpedit.msc`) under:
+
+**Computer Configuration** > **Administrative Templates** > **Windows Components** > **BitLocker Drive Encryption** > **Fixed Data Drives** > **Deny write access to fixed drives not protected by BitLocker**
+
+> [!NOTE]
+> 
+> Modifying Group Policy settings may require administrator privileges and should comply with your organization's IT policies. If the setting gets reset after some time this usually means that it was overriden by the centralized configuration of your IT department. Talk to them before making any changes.
+
 ### `Docker Desktop Access Denied` error message when starting Docker Desktop
 
 #### Error message

content/reference/compose-file/services.md

@@ -2019,6 +2019,12 @@ ulimits:
     hard: 40000
 ```
 
+### `use_api_socket`
+
+When `use_api_socket` is set, the container is able to interact with the underlying container engine through the API socket.
+Your credentials are mounted inside the container so the container acts as a pure delegate for your commands relating to the container engine.
+Typically, commands ran by container can `pull` and `push` to your registry.
+
 ### `user`
 
 `user` overrides the user used to run the container process. The default is set by the image, for example Dockerfile `USER`. If it's not set, then `root`.