Deploying Docker Desktop?

New Contributor

We have a need to deploy Docker Desktop updates.

Our end users do NOT have local admin.

Once the updates are installed and the app is launched said user's are then prompted to input admin credentials for a Docker Helper Tool installation.

Is there a workaround for this either via installing the Helper Tool for Docker via JAMF or somehow approving the install etc?


Valued Contributor

You can run


/Applications/ --install-privileged-components


 either via the "Execute Command" option in your install policy or via a separate script.

Honored Contributor

I can confirm that this works. I just encountered this myself recently.  I use the Execute Command option in "Files and Processes". If you feel compelled to use the separate script option, make sure to set the script to run "After".

Legendary Contributor III

Can confirm we do the same thing when deploying Docker and it works.

You might need to run it after each Docker application update as well.

Contributor II

Does anyone apply any policy enforcement of their Docker implementations? Do you limit which repos users can pull/push images to? Do you manage network interfaces?


@Chris It works without requiring admin right but got and error below

Result of command:
LLVM Profile Error: Failed to write file "default.profraw": Read-only file system Privileged components installed

Honored Contributor

I get that too. I've looked into it and it appears to be a weird side effect. That "default.profraw" seems to be some unimportant file the tools they used to make Docker (and other apps) spits out and tries to put on the root of the hard drive. This error can safely be ignored.

I figure as much but thank you for the confirmation. :)


also came across this one github ""

having issue downloading it to the "download" so change it to /private/tmp/ location. tested and works great.


if [[ `uname -m` == 'arm64' ]]; then
    # Apple Silicon
    echo 'Downloading Apple Silcon release'
    curl -o /private/tmp/Docker.dmg
    # Intel 
    echo 'Downloading Apple Intel release'
    curl -o /private/tmp/Docker.dmg
    # curl -o ~/Downloads/Docker.dmg #old version to test updating

# Mount image 
hdiutil attach /private/tmp/Docker.dmg

# Copy to Applcation folder
rm -rf /Applications/ # For updates remove the old app
cp -R /Volumes/Docker/ /Applications

# Install docker privilaged components
/Applications/ --unattended --install-privileged-components

# Accept license (doesn't seem to be working)
open -a /Applications/ --args --unattended --accept-license

# Clean up.
echo 'Cleaning up'
hdiutil unmount /Volumes/Docker/ 
rm /private/tmp/Docker.dmg


So on the flip side, do any of you have a workflow to *remove* Docker? Thanks to their recent license change, we have to remove it from the whole of our fleet!

We kinda of hacked a simple "remove" script together, but finding that people are smart, and just installing it to folders other than /Applications, which screws up our simple script.

Any tips would be greatly appreciated.