Not able to connect to the local docker daemon w/o elevation


I’m running a .NET service on a windows VM, which i’m interested to have the ability to run a container locally.

This works well for me using the Docker.DotNet library (or docker cmdline), as long as i’m running elevated on the windows VM.

This is how I instantiate the Docker.DotNet client before using is successfully.

dockerClient = new DockerClientConfiguration(new Uri("npipe://./pipe/docker_engine")).CreateClient();

So far so good. However, when my service runs under the NETWORK SERVICE identity (which is the state in Production, not changeable), I find it impossible to connect to the local docker daemon, either using Docker.DotNet.
even simple commands such as docker version fail under this identity, all with the following message:

error during connect: Get http://%2F%2F.%2Fpipe%2Fdocker_engine/v1.30/version: open //./pipe/docker_engine: Access is denied. In the default daemon configuration on Windows, the docker client must be run elevated to connect. This error may also indicate that the docker daemon is not running.

I’ve verified the docker daemon is up and running - this is most probably a permissions/security issue.

Q: are there any ways to workaround this?
I’ve so far tried enabling the docker engine to be available on tcp://localhost:2375, but that hasn’t been successful, and i’d prefer to not have to do so.

Thanks for your help!