From 6fc03c90415f6f3d232c47bbaa16cada6365909c Mon Sep 17 00:00:00 2001 From: sarahsanders-docker Date: Tue, 19 Aug 2025 09:28:03 -0400 Subject: [PATCH 1/2] improve settings docs --- .../settings-management/_index.md | 18 +++++++++++ .../configure-admin-console.md | 10 ++++++ .../configure-json-file.md | 31 ++++++++++++++++++- .../settings-management/settings-reference.md | 2 +- 4 files changed, 59 insertions(+), 2 deletions(-) diff --git a/content/manuals/enterprise/security/hardened-desktop/settings-management/_index.md b/content/manuals/enterprise/security/hardened-desktop/settings-management/_index.md index 5e6ebb4a82ec..2732cd0cc418 100644 --- a/content/manuals/enterprise/security/hardened-desktop/settings-management/_index.md +++ b/content/manuals/enterprise/security/hardened-desktop/settings-management/_index.md @@ -83,6 +83,24 @@ When settings are enforced: This ensures consistent environments while maintaining a clear visual indication of which settings are managed by administrators. +## View applied settings + +When administrators apply Settings Management policies, Docker Desktop grays out most enforced settings in the GUI. + +The Docker Desktop GUI doesn't currently display all centralized settings, +particularly Enhanced Container Isolation (ECI) settings that administrators +apply via the Admin Console. + +As a workaround, you can check the `settings-store.json` file to view all +applied settings: + + - Mac: `~/Library/Application Support/Docker/settings-store.json` + - Windows: `%APPDATA%\Docker\settings-store.json` + - Linux: `~/.docker/desktop/settings-store.json` + +The `settings-store.json` file contains all settings, including those that +may not appear in the Docker Desktop GUI. + ## Limitations Settings Management has the following limitations: 
diff --git a/content/manuals/enterprise/security/hardened-desktop/settings-management/configure-admin-console.md b/content/manuals/enterprise/security/hardened-desktop/settings-management/configure-admin-console.md index 1db063a6d907..620b4264eae7 100644 --- a/content/manuals/enterprise/security/hardened-desktop/settings-management/configure-admin-console.md +++ b/content/manuals/enterprise/security/hardened-desktop/settings-management/configure-admin-console.md @@ -81,6 +81,16 @@ For existing installations: Docker Desktop checks for policy updates when it launches and every 60 minutes while running. +## Verify applied settings + +After you apply policies: + +- Docker Desktop displays most settings as greyed out +- Some settings, particularly Enhanced Container Isolation configurations, +may not appear in the GUI +- You can verify all applied settings by checking the [`settings-store.json` +file](/manuals/desktop/settings-and-maintenance/settings.md) on your system + ## Manage existing policies From the **Desktop Settings Management** page in the Admin Console, use the **Actions** menu to: diff --git a/content/manuals/enterprise/security/hardened-desktop/settings-management/configure-json-file.md b/content/manuals/enterprise/security/hardened-desktop/settings-management/configure-json-file.md index 53095c84b5ac..9ebe21219bd8 100644 --- a/content/manuals/enterprise/security/hardened-desktop/settings-management/configure-json-file.md +++ b/content/manuals/enterprise/security/hardened-desktop/settings-management/configure-json-file.md 
@@ -62,7 +62,36 @@ Settings where `locked` is set to `false` are ignored on existing installs if a user has already customized that value in `settings-store.json`, `settings.json`, or `daemon.json`. -### Example configuration +### Grouped settings + +Docker Desktop groups some settings together with a single toggle that controls +the entire section. These include: + +- Enhanced Container Isolation (ECI): Uses a main toggle (`enhancedContainerIsolation`) that enables/disables the entire feature, with sub-settings for specific configurations +- Kubernetes: Uses a main toggle (`kubernetes.enabled`) with sub-settings for cluster configuration +- Docker Scout: Groups settings under the `scout` object + +When configuring grouped settings: + +1. Set the main toggle to enable the feature +1. Configure sub-settings within that group +1. When you lock the main toggle, users cannot modify any settings in that group + +Example for `enhancedContainerIsolation`: + +```json +"enhancedContainerIsolation": { + "locked": true, // This locks the entire ECI section + "value": true, // This enables ECI + "dockerSocketMount": { // These are sub-settings + "imageList": { + "images": ["docker.io/testcontainers/ryuk:*"] + } + } +} +``` + +### Example `admin-settings.json` file The following sample is an `admin-settings.json` file with common enterprise settings configured. You can use this example as a template with the [`admin-settings.json` configurations](#admin-settingsjson-configurations): diff --git a/content/manuals/enterprise/security/hardened-desktop/settings-management/settings-reference.md b/content/manuals/enterprise/security/hardened-desktop/settings-management/settings-reference.md index 8a0ffbb17f36..1c6d41b128e8 100644 --- a/content/manuals/enterprise/security/hardened-desktop/settings-management/settings-reference.md +++ b/content/manuals/enterprise/security/hardened-desktop/settings-management/settings-reference.md 
@@ -265,7 +265,7 @@ host directories into containers. usage statistics and crash reports to Docker. This setting affects telemetry gathered from the Docker Desktop application itself. It does not affect server-side telemetry collected via Docker Hub or other backend services, such -as login timestamps, pulls, or builds. +as sign in timestamps, pulls, or builds. - **OS:** {{< badge color=blue text="All" >}} - **Use case:** Help Docker improve the product based on usage patterns. - **Configure this setting with:** From bd7860fc77e48abc6f00a9545e17cd5d59adf08f Mon Sep 17 00:00:00 2001 From: sarahsanders-docker Date: Wed, 20 Aug 2025 12:49:25 -0400 Subject: [PATCH 2/2] fix grey nit --- .../security/hardened-desktop/settings-management/_index.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/manuals/enterprise/security/hardened-desktop/settings-management/_index.md b/content/manuals/enterprise/security/hardened-desktop/settings-management/_index.md index 2732cd0cc418..1cb4713741be 100644 --- a/content/manuals/enterprise/security/hardened-desktop/settings-management/_index.md +++ b/content/manuals/enterprise/security/hardened-desktop/settings-management/_index.md @@ -85,7 +85,7 @@ This ensures consistent environments while maintaining a clear visual indication ## View applied settings -When administrators apply Settings Management policies, Docker Desktop grays out most enforced settings in the GUI. +When administrators apply Settings Management policies, Docker Desktop greys out most enforced settings in the GUI. The Docker Desktop GUI doesn't currently display all centralized settings, particularly Enhanced Container Isolation (ECI) settings that administrators
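Review bot: In the new "View applied settings" section of `_index.md`, `settings-store.json` is given as the place to view applied settings, but nothing tells the reader how to distinguish an administrator-enforced value from one the user set. The context lines in `configure-json-file.md` describe the same file as one where "a user has already customized that value", so it holds user choices as well as policy. Please add a sentence saying whether lock state is visible in the file and, if it is not, that the file shows effective values only. The three per-OS paths are also hard-coded here, while `configure-admin-console.md` links to `settings.md` for the same file. Confirm the paths match that page, or link to it so they cannot drift.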
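Review bot: In the "Verify applied settings" list in `configure-admin-console.md`, the last bullet links `settings-store.json` to the general `/manuals/desktop/settings-and-maintenance/settings.md` page rather than to the "View applied settings" section this patch adds to `_index.md`, which is where the file locations and the ECI caveat now live. Point the link at that section. The continuation lines `may not appear in the GUI` and `file](...) on your system` start at column 0 instead of being indented under their bullets. That renders only through lazy continuation and is easy to break in a later edit. This hunk also writes "greyed out" where patch 1 writes "grays out" in `_index.md`, so pick one spelling in the same commit rather than fixing it in 2/2.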
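Review bot: The `enhancedContainerIsolation` example in `configure-json-file.md` is fenced as `json` but carries `//` comments (`"locked": true, // This locks the entire ECI section`) and starts at a bare key with no enclosing object, so it is not valid JSON. An administrator who pastes it into `admin-settings.json` gets a file that may fail to parse, which for a security policy file risks the lock not being applied. Move the three explanations into prose or a list under the block and wrap the fragment in `{ }`, or state explicitly that it is an excerpt with comments that must be removed. Two smaller points: step 3 of the numbered list ("When you lock the main toggle, users cannot modify any settings in that group") is a consequence rather than a step and reads better as a sentence after the list, and renaming `### Example configuration` changes the heading anchor, so check for inbound links to the old one.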
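Review bot: In `settings-reference.md`, the replacement `as sign in timestamps, pulls, or builds` uses "sign in" as a modifier of "timestamps", so it needs the hyphen: `sign-in timestamps`. Unhyphenated, the phrase can be misread as the verb "sign in" followed by a list.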