docker / roadmap

Welcome to the Public Roadmap for All Things Docker! We welcome your ideas.
https://github.com/orgs/docker/projects/51
Creative Commons Zero v1.0 Universal

Allow for configuring admin-settings.json (and registry.json) policies using standard Config Management systems. #434

Open byjrack opened 1 year ago

byjrack commented 1 year ago

Tell us about your request
Delivering a file to a user after an install via brew or whatever is complicated, to say the least. Protecting it from manipulation is also more complicated than it needs to be, given they have admin rights to install the helper or other software bits.

Which service(s) is this request for?
Docker Desktop

Tell us about the problem you're trying to solve. What are you trying to do, and why is it hard?
I need to make enterprise configs available for the software, but doing a "deploy if not exists or updated" is far from trivial.

Are you currently working around the issue?
Not using the features because the management is too difficult and fragile. Found alternatives like documentation, Q&A and other OS controls to try and improve usability.

Additional context
Thinking standard options like Active Directory GPO, Apple Configuration Profiles, and emerging MDM options that allow for specifying Open Mobile Alliance Uniform Resource Identifier (OMA-URI) locations. For those that can do files well, then rock on, but similar to how Chromium can call out to the Windows registry or Apple configs depending on OS, give us that option.

byjrack commented 1 year ago

Came across a good reference you can use as I think they nailed it.

https://support.grammarly.com/hc/en-us/articles/8341171286541-Managed-Mode

Registry and Config profiles are where these should be as that is where the config management products will natively support deployment.

Gholie commented 9 months ago

I feel like Docker Admin would be a good fit for a centralized management for admin-settings parameters. Current system makes management of settings cumbersome, especially if you need to push changes, not to mention that local admins can do as they want with the file.

byjrack commented 7 months ago

Yup, though you need one policy local, which is currently the allowedOrgs setting in registry.json. If folks don't sign in, then cloud-based policies won't apply, so that has to be pushed down in a system or mechanism that doesn't enable abuse. A private DNS TXT record hypothetically could be a trigger as well, and it just comes down to machine FQDN would be required.

ch-tstrickland commented 5 months ago

Is this the right place to add this sort of feature request? Specifically, I would like to be able to set Docker's configuration from the CLI, much as we configure git. We currently edit the git config files using jq as part of an automated deployment system. This helps us to have consistency from machine to machine and is part of efforts to securely lock down our systems. Furthermore, we have scripts that edit Docker's proxy settings according to network location (on/off VPN, etc.). Now we are getting a warning that an external entity is editing these files, which is fair enough: I see its utility, but we really need to be able to programmatically set Docker config.

Happy to raise this in a separate ticket if needs be.

ch-tstrickland commented 5 months ago

Similarly, the ability to programmatically start/restart/stop Docker and also to run the standard troubleshooting steps: factory reset, various types of data wipe. These are pretty much all part of the same set of functions: auto-deploying Docker consistently across large numbers of laptops in a platform-independent manner.