Love it or hate it, Docker is here to stay, and containerized workflows are part of the self-hosting landscape. Typically, containers host individual apps because they function like VMs, only with a much lower overhead, as you’re not running the entire operating system, just the parts needed for that app. But that’s not all they can be used for, and you can quite easily run entire operating systems inside a container if you want.
Again, you’ll likely be running Linux distros inside a container. That’s how the development world is skewed these days, but you can run other OSes too. And that includes Windows 11, and there’s a certain level of serendipity to running Windows inside another walled receptacle.
Okay, but why would you want to run Windows in a Docker container?
Why, tell me why
Ever needed to test something in an operating system you don’t normally use? Most of the time, you’d probably set up a virtual machine or dual-boot or even have a second machine for development purposes. But that’s not always practical, and the time it takes to set up Windows can be a significant part of your day.
But with a container, once you’ve created it, it can be destroyed at any time, replaced with a pristine image, ready for you to test on. It’s the best of both worlds, and as long as you’re not testing graphics drivers or other features that don’t lend themselves to virtualization, using a container starts to make a lot of sense.
Enter dockur/windows
This ready-made Docker container downloads the latest version of Windows straight from Microsoft, then sets things up for you to VNC to finish the installation.
Now, you can run the following command from the Docker CLI, if you want:
docker run -it –rm –name windows -p 8008:8008 –device=/dev/kvm –device=/dev/net/tun –cap-add NET_ADMIN -v “${PWD:-.}/windows:/storage” –stop-timeout 120 dockurr/windows
That’ll get the container for you, but because I already had Podman Desktop installed, and there’s a ready-made container in the repository, I went with that. You could also make a Docker Compose file if that’s what you prefer, and in many ways, that’s the best way to do things.
I had to turn off the security features in Podman before it would install, as the process would error out, saying /dev/kvm isn’t mounted. Once I changed that setting, it was smooth sailing.
The installation is kinda slow
Go and make a coffee, because it’ll take a while. Docker has to download the ISO for the version of Windows you’re installing, then install things in a place that Microsoft never envisioned Windows to go. It took a while for that to all happen, but there’s no user input necessary during these stages. It’s pretty neat watching the logs while the container extracts the individual parts of Windows, applies an XML file for automatic installation, and then uses QEMU to boot Windows once it’s done. The result is a Windows 11 desktop with a local user account that you can get to by putting 127.0.0.1:8006 in your browser.
Okay, but surely that means compromises somewhere
I wouldn’t expect to do any gaming but it’s perfect for testing out sketchy files or new apps
The simplicity of a containerized operating system brings benefits, like not taking up resources when you’re not using it actively. Plus, it’s isolated from the system you’re running it on, let alone from your network (if you’ve set up the networking stack properly).
Be warned, it’s slow to begin with, mostly because of the VNC connection. VNC is good for installing, because it’s hard to mess up the connection, but once you’ve got a Windows container, the devs say to use Remote Desktop to the container’s IP address instead. That’s a much more performant way to access things, and makes the whole experience much more enjoyable.
Then it’s time to tweak things
The power of Docker is that you can change tons of settings, and they’ll affect a fresh version of the container. No more getting partway through a complicated Windows workflow and realizing you installed something incorrectly or missed a step. You can change things in the compose file to share a folder with the host machine for easy swapping in data, change the drive size, and other resources available to the container. You can even change user credentials from the external file, without sullying the Windows side of things.
And it’s Windows. You can drop an install.bat file into a folder along with any exe or msi files you want installing, point the compose file at that folder, and it’ll run the script once it finishes installing Windows. There are also versions for using Windows-as-a-Container on macOS, or for the Arm version of Windows if that’s what you need to test.
Being able to use Windows as a container opens the door to better development work
There are many times during development work that you might need to test programs out on a specific version of Windows, or want to freeze Windows at a step without having to block Windows Updates. Containerizing Win 11 accomplishes this and makes any testing repeatable, so you can iron out functionality and bugs without worrying if Microsoft is to blame by updating things on you. Plus, the compartmentalized nature of Docker makes this useful for cybersecurity testing as well, as you can run sandboxed files inside the container and have another level of distance from your host machine.
