Creating and logging in to a Windows Containers user with a password

Windows Containers by default uses ContainerAdministator user account with blank password. Creating a new user with password can be done but cannot be used in DockerFile for example. If you want to use another user in a container you have to create a user with blank password!

To login to a container with a password, do the following:

PS C:\> $cert = New-SelfSignedCertificate -DnsName "dontcare" -CertStoreLocation Cert:\LocalMachine\My
PS C:\> winrm create winrm/config/Listener?Address=*+Transport=HTTPS ('@{Hostname="notimportant"; CertificateThumbprint="' + $cert.Thumbprint + '"}')
PS C:\> winrm set winrm/config/service/Auth '@{Basic="true"}'
PS C:\> $cred = New-Object pscredential 'timus', (ConvertTo-SecureString -String 'P@$$w0rd' -AsPlainText -Force)
PS C:\> Enter-PSSession -Credential $cred -ComputerName localhost -Authentication Basic -UseSSL -SessionOption (New-PSSessionOption -SkipCACheck -SkipCNCheck)

Remove blank lines using Notepad++

Say you have a document as shown below.

And you want to remove the blank lines - represented by {CR}{LF}. To do this using Notepad++, bring up Replace dialog (Search | Replace... or CTRL+H) and use ^\r\n in Find What and blank for Replace. In Search Mode, change it to Regular Expression. See below for an example.

What it does it use regular expression to search for carriage return and linefeed characters and match only if it is the beginning of the line (^). And of course replace it with a blank character.

Split a line into multiple lines using Notepad++

Say you have a document like below.

And you want to split "hello world" into multiple lines. Doing this using Notepad++ is easy. Bring up Replace dialog (Search | Replace... or CTRL+H), in Find what use hello world\r\n. This matches the entire line including carriage return and linefeed character. In Replace with replace the string with the intended multi-line data, for example, hello\r\n\world\r\n, will replace the line into two. One is hello, followed by world in the next line. And of course, for this to work you need to select Regular expression in the Search Mode.

How to delete Windows protected partition

How to delete Windows protected partition

Run diskpart in elevated command prompt, like:

c:\> diskpart

Then follow the prompts like below:

Microsoft DiskPart version 10.0.18362.1171

Copyright (C) Microsoft Corporation.
On computer: M1

DISKPART> list disk

  Disk ###  Status         Size     Free     Dyn  Gpt
  --------  -------------  -------  -------  ---  ---
  Disk 0    Online          180 GB    53 GB        *

DISKPART> select disk 0

Disk 0 is now the selected disk.

DISKPART> list partition

  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    System             100 MB  1024 KB
  Partition 2    Reserved            16 MB   101 MB
  Partition 3    Primary            126 GB   117 MB
  Partition 4    Recovery           499 MB   126 GB

DISKPART> select partition 4
DISKPART> delete partition override
DISKPART> exit
Leaving DiskPart...

Windows containers cannot use USER instruction to change user with a password

 I have a Dockerfile like below:

FROM mcr.microsoft.com/windows/servercore:20H2 as final
RUN net user timus P@$$w0rd123!@# /add /Passwordchg:No
RUN WMIC USERACCOUNT WHERE "Name='timus'" SET PasswordExpires=FALSE
RUN net localgroup administrators timus /add
USER timus
RUN whoami

Running this will fail with an error message like below:

C:\mydocker>docker build -t myimages:1.0.0 -f Dockerfile Sending build context to Docker daemon 678.8MB Step 1/6 : FROM mcr.microsoft.com/windows/servercore:20H2 as final ---> 4943ff812624 Step 2/6 : RUN net user timus P@$$w0rd!@# /add /Passwordchg:No ---> Running in 95d4d70138d8 The command completed successfully. Removing intermediate container 95d4d70138d8 ---> d00130167ea2 Step 3/6 : RUN WMIC USERACCOUNT WHERE "Name='timus'" SET PasswordExpires=FALSE ---> Running in 0d05945d8f70 Updating property(s) of '\\0D05945D8F70\ROOT\CIMV2:Win32_UserAccount.Domain="0D05945D8F70",Name="timus"' Property(s) update successful. Removing intermediate container 0d05945d8f70 ---> b37beaf1f201 Step 4/6 : RUN net localgroup administrators timus /add ---> Running in 82871efe73b3 The command completed successfully. Removing intermediate container 82871efe73b3 ---> 17d3a473c8e6 Step 5/6 : USER timus ---> Running in fc69793db808 Removing intermediate container fc69793db808 ---> 8e515f363d94 Step 6/6 : RUN whoami ---> Running in 1d88d8a9e089 container 1d88d8a9e0897835a2cd00082f92ef99d7896623ce7ba7c1921176569c670cfe encountered an error during hcsshim::System::CreateProcess: failure in a Windows system call: The user name or password is incorrect. (0x52e) [Event Detail: Provider: 00000000-0000-0000-0000-000000000000] [Event Detail: Provider: 00000000-0000-0000-0000-000000000000] [Event Detail: onecore\vm\compute\management\orchestration\vmhostedcontainer\processmanagement.cpp(173)\vmcomputeagent.exe!00007FF720E4A40B: (caller: 00007FF720E05C8B) Exception(2) tid(388) 8007052E The user name or password is incorrect. CallContext:[\Bridge_ProcessMessage\VmHostedContainer_ExecuteProcess] Provider: 00000000-0000-0000-0000-000000000000] extra info: {"CommandLine":"cmd /S /C whoami","User":"timus","WorkingDirectory":"C:\\","CreateStdInPipe":true,"CreateStdOutPipe":true,"CreateStdErrPipe":true,"ConsoleSize":[0,0]}

This is failing because as of this writing (4/12/2021) Windows containers does not support using USER instruction for users with password, it is expecting it to be blank!
See this GitHub issue for details - https://github.com/moby/moby/issues/28585

My docker cheat sheet

My docker cheat sheet

Installing base container image for Server Core 2019. If you are running Windows Server 2019 virtual machine, this will allow you to run the container in process isolation mode instead of Hyper-V isolation. Process isolation is more light-weight and allows you to run a Server 2019 VM with dynamic memory setting in Hyper-V.

PS C:\> docker image pull mcr.microsoft.com/windows/servercore:ltsc2019

To list downloaded images, do

PS C:\> docker images

This will show something like below

PS C:\> docker images
REPOSITORY                             TAG                 IMAGE ID            CREATED             SIZE
mcr.microsoft.com/windows/servercore   ltsc2019            3eaa9ebbf51f        5 weeks ago         5.25GB

To run a Windows container based on servercore:ltsc2019, do:

PS C:\> docker run -it mcr.microsoft.com/windows/servercore:ltsc2019 cmd.exe

This will open a cmd.exe prompt. This should allow you to play inside that container.

This container should be running in process isolation mode. To verify that get the cotainers running, like:

PS C:\> docker ps -a

Sample output below

PS C:\> docker ps -a
CONTAINER ID        IMAGE                                           COMMAND             CREATED             STATUS                      PORTS               NAMES
0dcd0e1f1a01        mcr.microsoft.com/windows/servercore:ltsc2019   "cmd.exe"           7 seconds ago       Up 6 seconds                                    gracious_ride
c9e4859871c2        mcr.microsoft.com/windows/servercore:ltsc2019   "cmd.exe"           56 minutes ago      Exited (0) 50 minutes ago                       distracted_curran
540f0bd0e7fd        mcr.microsoft.com/windows/servercore:ltsc2019   "cmd.exe"           About an hour ago   Exited (0) 58 minutes ago                       reverent_bohr

Note that 0dcd0e1f1a01 shows it is running (STATUS column shows Up x seconds).

Now check Isolation mode, like

PS C:\> docker inspect 0dcd0e1f1a01 | Select-String -Pattern "Isolation"

It shoud show something like below

PS C:\> docker inspect 0dcd0e1f1a01 | Select-String -Pattern "Isolation"
            "Isolation": "process",

To re-start an exited container, e.g., 540f0bd0e7fd do:

PS C:\> docker start 540f0bd0e7fd

This will start a container in the background. To interact with it do:

PS C:\> docker attach 540f0bd0e7fd

To start another shell on a conatiner, do:

PS C:\> docker exec -it 540f0bd0e7fd cmd.exe

Changing Windows user password from the command line

 Changing Windows user password from the command line

C:\> net user  administrator newpassword

Can’t install Hyper-V Management Tools on Windows Server 2019 if the machine/VM does not support virtualization

Can’t install Hyper-V Management Tools on Windows Server 2019 if the machine/VM does not support virtualization
 

I tried to install PowerShell Direct to manage docker containers but can't install the feature, trying to run:

PS C:\> Enable-WindowsOptionalFeature -Online -FeatureName Microsoft-Hyper-V-Management-PowerShell

 yields with error below:

PS C:\Users\Administrator> Enable-WindowsOptionalFeature -Online -FeatureName Microsoft-Hyper-V-Management-PowerShell
Enable-WindowsOptionalFeature : One or several parent features are disabled so current feature can not be enabled.
At line:1 char:1
+ Enable-WindowsOptionalFeature -Online -FeatureName Microsoft-Hyper-V- ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [Enable-WindowsOptionalFeature], COMException
    + FullyQualifiedErrorId : Microsoft.Dism.Commands.EnableWindowsOptionalFeatureCommand

Apparently this happens when the OS is running on a machine that does not support virtualization or the VM does not have nested virtualization enabled.

Creating new Windows admnistrator user from the command line

Creating new Windows admnistrator user from the command line

I am not quite comfortable with too few options available when creating a new user in Windows 10 Home edition, so I do the following.

c:\> net user timus P@$$w0rd123!@# /add /Passwordchg:No
c:\> WMIC USERACCOUNT WHERE "Name='timus'" SET PasswordExpires=FALSE
c:\> net localgroup administrators timus /add

Logging in to remote ssh server using private/public key pair

Logging in to remote ssh server using private/public key pair

I have recently used VS Code for remote development and I am experiencing multiple disconnections a day. Like disconnecting form the docking station, moving around the house or just plain network issues. Using password to reconnect is becoming an annoyance. To help improve the workflow I have enabled private/public key pair, like:

PS C:\> ssh-keygen -t rsa -b 2048
PS C:\> cat ~/.ssh/id_rsa.pub | ssh user@remote_ip "mkdir -p ~/.ssh && cat >> ~/.ssh/authorized_keys"

This was tested on Windows 10 v1909.