Docker Community Forums

Share and learn in the Docker community.

Troubles w/running Administrative tasks during build on Nanoserver

build

#1

I am very new to docker and this is my first post, so hopefully I am going about this correctly :slight_smile:. To start off let me say what my end goal is. I need to build a Windows container image that contains the following runtimes:

  1. Powershell
  2. .NET Framework
  3. AzureAD PS modules
  4. MSOnline PS modules

and maybe more…

I was able to get all of this working using the 5GB mcr.microsoft.com/powershell:latest image that is based on the Windows Core Server image. Here is my dockerfile:

FROM mcr.microsoft.com/powershell:nanoserver

WORKDIR C:/

RUN mkdir SkyKick

WORKDIR C:/SkyKick

COPY ./powershell/bootstrap.ps1 C:/SkyKick

RUN pwsh -Command "Install-PackageProvider -Name NuGet -MinimumVersion 2.8.5.201 -Force"

RUN pwsh -Command "Install-Module -Name MSOnline -Force"

RUN pwsh -Command "Install-Module -Name AzureAD -Force"

# Start PowerShell
CMD ["powershell", "-NoExit", "-ExecutionPolicy", "Bypass", "-File", "./bootstrap.ps1"]

Whether or not this is an optimal dockerfile or not, it worked just fine and I was happy with it other than the massive 5GB image I had to use. That’s when I started trying to move to the nanoserver image which is only ~500mb, however I ran into some problems with Admin rights during the transition.

When I try to run the dockerfile build exactly as is I get this:

Install-PackageProvider : Administrator rights are required to install packages in 'C:\Program Files\PackageManagement\ProviderAssemblies'. Log on to the computer with an account that has Administrator rights, and then try again, or install in 'C:\Users\ContainerUser\AppData\Local\PackageManagement\ProviderAssemblies' by adding "-Scope CurrentUser" to your command. You can also try running the Windows PowerShell session with elevated rights (Run as Administrator).
At line:1 char:1
+ Install-PackageProvider -Name NuGet -MinimumVersion 2.8.5.201 -Force
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo          : NotImplemented: (Microsoft.Power...PackageProvider:InstallPackageProvider) [Install-PackageProvider], Exception
+ FullyQualifiedErrorId : InstallRequiresCurrentUserScopeParameterForNonAdminUser,Microsoft.PowerShell.PackageManagement.Cmdlets.InstallPackageProvider

I saw some posts about doing this by using RUN net user /add <username> <password> and then add the user to the localgroup Administrators, but that fails with a Systeme error 5 which is an error given when you don’t have permissions to do so…

Is there something about Nanoserver that they stripped the abillity to run things as an Administrator user? I feel like this restricts you from doing a lot of things which is why I feel like I am just doing something wrong and there is, in fact, a way to get this working with Nanoserver.

Any help is appreciated!
Thanks