Work-around: Docker Volumes on Windows without File and Print Sharing

We encountered an issue where a developer was trying to use Docker Desktop for Windows and kept getting a message about being unable to share their local volume. Company security policy disabled File and Printer Sharing at the firewall level which left us with some trouble for people trying to develop in docker on Windows Desktop.

To see the helper script, head over to the github repo

References

• Stage Docker Volumes Windows [github.com/7thzero]
• Firewall Rules for Shared Drives [docs.docker.com]
• Hide REM lines from showing in a batch file [computerhope.com]
• Why this code says echo is off? [stackoverflow.com]
• How can I pass arguments to a batch file? [stackoverflow.com]
• How do I get the result of a command in a variable in windows? [stackoverflow.com]
• How to set commands output as a variable in a batch file [stackoverflow.com]
• docker cp [docs.docker.com]
• Persistent Storage in Containers [docs.microsoft.com]
• Docker for Windows | Logs and Troubleshooting [docs.docker.com]
• How to Create Advanced Firewall Rules in the Windows Firewall [howtogeek.com]
• Error: A firewall is blocking file sharing between Windows and the containers [success.docker.com]

Symptoms

When a container is started with a bind-mounted volume in Windows a message box appears that says: Firewall detected. A firewall is blocking file sharing between Windows and the containers. See documentation for more info.. In our case this is caused by port 445 being blocked at the firewall. This is to prevent attackers from moving laterally within our environment if a host gets compromised. Unfortunately it gets in the way of docker which for some reason chose 'File and Print Sharing' as a swell way to handle bind mounts on Windows.

Work-arounds

1. The best work-around is to setup an 'Advanced' Windows firewall rule that only allows SMB/445 traffic to the Docker container subnet on the host. If that isn't supportable (for whatever reason)...
2. There is a work-around where you can copy your data to a docker-volume and mount the docker volume to the container

Workaround 2: Stage Data to a Docker Volume

I put together a quick windows shell/batch script that simplifies the staging process: Stage Docker Volumes Windows. This allows you to create a docker volume and copy your file or folder (recursively) into the docker volume and make it available for use by your docker container running on Windows.

Usage directions:

The batch script takes 2 parameters:

1. Name of docker volume
2. Path to file or directory to copy to the volume

If you want to copy your deploy directory to a volume named deployment, you would do this:

stage-vol.bat deployment c:\users\username\src\project\

You can verify that the file or folder is copied by using this command (launched an Alpine container):

docker run --rm -it --name test-volume-transfer -v deployment:/data alpine ls /data
project/