diff --git a/content/manuals/enterprise/security/hardened-desktop/settings-management/_index.md b/content/manuals/enterprise/security/hardened-desktop/settings-management/_index.md index 5e6ebb4a82ec..1cb4713741be 100644 --- a/content/manuals/enterprise/security/hardened-desktop/settings-management/_index.md +++ b/content/manuals/enterprise/security/hardened-desktop/settings-management/_index.md @@ -83,6 +83,24 @@ When settings are enforced: This ensures consistent environments while maintaining a clear visual indication of which settings are managed by administrators. +## View applied settings + +When administrators apply Settings Management policies, Docker Desktop greys out most enforced settings in the GUI. + +The Docker Desktop GUI doesn't currently display all centralized settings, +particularly Enhanced Container Isolation (ECI) settings that administrators +apply via the Admin Console. + +As a workaround, you can check the `settings-store.json` file to view all +applied settings: + + - Mac: `~/Library/Application Support/Docker/settings-store.json` + - Windows: `%APPDATA%\Docker\settings-store.json` + - Linux: `~/.docker/desktop/settings-store.json` + +The `settings-store.json` file contains all settings, including those that +may not appear in the Docker Desktop GUI. + ## Limitations Settings Management has the following limitations: diff --git a/content/manuals/enterprise/security/hardened-desktop/settings-management/configure-admin-console.md b/content/manuals/enterprise/security/hardened-desktop/settings-management/configure-admin-console.md index 1db063a6d907..620b4264eae7 100644 --- a/content/manuals/enterprise/security/hardened-desktop/settings-management/configure-admin-console.md +++ b/content/manuals/enterprise/security/hardened-desktop/settings-management/configure-admin-console.md 
@@ -81,6 +81,16 @@ For existing installations: Docker Desktop checks for policy updates when it launches and every 60 minutes while running. +## Verify applied settings + +After you apply policies: + +- Docker Desktop displays most settings as greyed out +- Some settings, particularly Enhanced Container Isolation configurations, +may not appear in the GUI +- You can verify all applied settings by checking the [`settings-store.json` +file](/manuals/desktop/settings-and-maintenance/settings.md) on your system + ## Manage existing policies From the **Desktop Settings Management** page in the Admin Console, use the **Actions** menu to: diff --git a/content/manuals/enterprise/security/hardened-desktop/settings-management/configure-json-file.md b/content/manuals/enterprise/security/hardened-desktop/settings-management/configure-json-file.md index 53095c84b5ac..9ebe21219bd8 100644 --- a/content/manuals/enterprise/security/hardened-desktop/settings-management/configure-json-file.md +++ b/content/manuals/enterprise/security/hardened-desktop/settings-management/configure-json-file.md 
@@ -62,7 +62,36 @@ Settings where `locked` is set to `false` are ignored on existing installs if a user has already customized that value in `settings-store.json`, `settings.json`, or `daemon.json`. -### Example configuration +### Grouped settings + +Docker Desktop groups some settings together with a single toggle that controls +the entire section. These include: + +- Enhanced Container Isolation (ECI): Uses a main toggle (`enhancedContainerIsolation`) that enables/disables the entire feature, with sub-settings for specific configurations +- Kubernetes: Uses a main toggle (`kubernetes.enabled`) with sub-settings for cluster configuration +- Docker Scout: Groups settings under the `scout` object + +When configuring grouped settings: + +1. Set the main toggle to enable the feature +1. Configure sub-settings within that group +1. When you lock the main toggle, users cannot modify any settings in that group + +Example for `enhancedContainerIsolation`: + +```json +"enhancedContainerIsolation": { + "locked": true, // This locks the entire ECI section + "value": true, // This enables ECI + "dockerSocketMount": { // These are sub-settings + "imageList": { + "images": ["docker.io/testcontainers/ryuk:*"] + } + } +} +``` + +### Example `admin-settings.json` file The following sample is an `admin-settings.json` file with common enterprise settings configured. You can use this example as a template with the [`admin-settings.json` configurations](#admin-settingsjson-configurations): diff --git a/content/manuals/enterprise/security/hardened-desktop/settings-management/settings-reference.md b/content/manuals/enterprise/security/hardened-desktop/settings-management/settings-reference.md index 8a0ffbb17f36..1c6d41b128e8 100644 --- a/content/manuals/enterprise/security/hardened-desktop/settings-management/settings-reference.md +++ b/content/manuals/enterprise/security/hardened-desktop/settings-management/settings-reference.md 
@@ -265,7 +265,7 @@ host directories into containers. usage statistics and crash reports to Docker. This setting affects telemetry gathered from the Docker Desktop application itself. It does not affect server-side telemetry collected via Docker Hub or other backend services, such -as login timestamps, pulls, or builds. +as sign in timestamps, pulls, or builds. - **OS:** {{< badge color=blue text="All" >}} - **Use case:** Help Docker improve the product based on usage patterns. - **Configure this setting with:**
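Review bot: In the new "View applied settings" section of `_index.md`, `settings-store.json` is offered as the way to view "all applied settings", but the closing sentence says the file "contains all settings", and the context line in the `configure-json-file.md` hunk says users' own customizations are stored in `settings-store.json` as well. A value being present in that file therefore does not show that it came from an administrator policy or that it is locked. Suggest stating how a reader can tell an enforced value from a user-set one, or rewording so the file is described as showing effective values rather than applied policy. Minor: the three path bullets are indented by one space, unlike the lists added elsewhere in this patch.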
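Review bot: In the "Verify applied settings" section added to `configure-admin-console.md`, the last bullet links the text "`settings-store.json` file" to `/manuals/desktop/settings-and-maintenance/settings.md`, while the per-OS file locations are introduced by this same patch in the "View applied settings" section of `_index.md`. Suggest linking to that new section so the reader lands on the paths. The section also follows directly after "Docker Desktop checks for policy updates when it launches and every 60 minutes while running", so "After you apply policies:" should say that the file reflects a new policy only after the next check or a restart. The wrapped bullet lines ("may not appear in the GUI", "file](...) on your system") should be indented to sit under their bullets.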
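Review bot: In the "Grouped settings" section added to `configure-json-file.md`, the example is fenced as `json` but carries `//` comments (`"locked": true, // This locks the entire ECI section`) and starts at a bare key with no enclosing braces, so it is not valid JSON and a strict parser will reject it if an administrator pastes it into `admin-settings.json`. Suggest moving the three comments into the prose or a list under the block and showing the fragment inside `{ }`. Two smaller points: the introduction says each group has "a single toggle that controls the entire section", but the Docker Scout bullet names only the `scout` object and no toggle; and renaming "### Example configuration" to "### Example `admin-settings.json` file" changes the heading anchor, so any existing links to the old anchor need checking.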
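Review bot: In the `settings-reference.md` hunk, "sign in timestamps" uses "sign in" as a modifier of "timestamps", so it should be hyphenated: "such as sign-in timestamps, pulls, or builds." The unhyphenated form is for the verb ("sign in to Docker Hub").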