Configuring a managed user environment
In enterprise environments, administrators can enforce specific configuration values that users are unable to override. This capability allows them to manage configurations, such as proxy servers, telemetry policies, and security policies, ensuring users operate within a controlled environment. Administrators can review and edit the configurations in the user settings file before applying the changes globally to all enterprise users.
How it works
Podman Desktop stores values for the following types of configuration in three separate JSON files:
- User configuration - Editable user-enforced values for Podman Desktop customization.
- Managed defaults configuration - Read-only administrator-enforced default values that cannot be edited by the user.
- Locked configuration - Read-only administrator-enforced list of keys that must use managed values.
When a configuration changes, Podman Desktop returns a value after checking the user configuration files in the following priority order:
- Locked keys - Returns the value from the managed defaults configuration file, which has the highest priority
- Unlocked keys - Returns the value from the user configuration file
- Default value - Returns the default value built into Podman Desktop
File locations
Linux
User configuration
- Location: ~/.local/share/containers/podman-desktop/configuration/settings.json
- Permissions: User read/write
- Purpose: Normal user settings configured through the UI
Managed defaults
- Location: /usr/share/podman-desktop/default-settings.json
- Permissions: Root only
- Purpose: Administrator-enforced configuration values
Locked configuration
- Location: /usr/share/podman-desktop/locked.json
- Permissions: Root only
- Purpose: List of configuration keys that are locked by an administrator
macOS
User configuration
- Location: ~/.local/share/containers/podman-desktop/configuration/settings.json
- Permissions: User read/write
- Purpose: Normal user settings configured through the UI
Managed defaults
- Location: /Library/Application Support/io.podman_desktop.PodmanDesktop/default-settings.json
- Permissions: Administrator only
- Purpose: Administrator-enforced configuration values
Locked configuration
- Location: /Library/Application Support/io.podman_desktop.PodmanDesktop/locked.json
- Permissions: Administrator only
- Purpose: List of configuration keys that are locked by an administrator
Windows
User configuration
- Location: %APPDATA%\podman-desktop\configuration\settings.json
- Permissions: User read/write
- Purpose: Normal user settings configured through the UI
Managed defaults
- Location: %PROGRAMDATA%\Podman Desktop\default-settings.json
- Permissions: Administrator only
- Purpose: Administrator-enforced configuration values
Locked configuration
- Location: %PROGRAMDATA%\Podman Desktop\locked.json
- Permissions: Administrator only
- Purpose: List of configuration keys that are locked by an administrator
Example: Enforcing corporate proxy and telemetry settings
This example demonstrates how an administrator can lock the proxy and telemetry configuration to enforce corporate policy.
Procedure
- Create a managed defaults file with corporate settings.
- Create a locked configuration file to enforce the corporate settings.
- Deploy both files to the appropriate system location.
- Restart Podman Desktop. The managed values then override user-configured values and enforce compliance.
User Configuration
The user has configured a local proxy in their settings:
{
  "proxy.http": "https://127.0.0.1:8081",
  "telemetry.enabled": true
}
Managed Defaults Configuration
The administrator creates a managed defaults file with corporate settings. The file content is the same on Linux, macOS, and Windows:
{
  "proxy.http": "http://corp-proxy.example.com:8080",
  "telemetry.enabled": false
}
Locked Configuration
The administrator creates a locked configuration file to enforce these settings. The file content is the same on Linux, macOS, and Windows:
{
  "locked": ["proxy.http", "telemetry.enabled"]
}
Result
With this configuration in place, Podman Desktop returns:
{
  "proxy.http": "http://corp-proxy.example.com:8080",
  "telemetry.enabled": false
}
Key observations:
- proxy.http - Returns managed value, user's local proxy is ignored
- telemetry.enabled - Returns managed value, user cannot enable telemetry (set to false)
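
The priority order and the result above can be reproduced with a short resolver. This is an added example in Python, not Podman Desktop's own code; it also reports which user values a lock silently overrides. The `BUILTIN` defaults and the `sample.unlocked` key are constructed, and the fall-through for a locked key with no managed value is an assumption.

```python
import json

# Constructed built-in defaults; the real ones ship inside Podman Desktop.
BUILTIN = {"proxy.http": "", "telemetry.enabled": True, "sample.unlocked": "a"}

def resolve(key, user, managed, locked, builtin=BUILTIN):
    """Return (value, source) for one key using the page's priority order."""
    # 1. Locked key: the managed defaults file wins, whatever the user wrote.
    if key in locked and key in managed:
        return managed[key], "managed"
    # Assumption of this sketch: a locked key with no managed value falls
    # through to the next tiers. The page does not describe that case.
    # 2. Unlocked key: the user's settings.json is honoured.
    if key in user:
        return user[key], "user"
    # 3. Nothing configured: built-in default.
    return builtin.get(key), "builtin"

def effective_config(user_json, managed_json, locked_json, builtin=BUILTIN):
    """Resolve every known key and list user values that a lock overrides."""
    user = json.loads(user_json)
    managed = json.loads(managed_json)
    locked = set(json.loads(locked_json).get("locked", []))
    effective, overridden = {}, {}
    for key in sorted(set(user) | set(managed) | set(builtin)):
        value, source = resolve(key, user, managed, locked, builtin)
        effective[key] = value
        if source == "managed" and key in user and user[key] != value:
            overridden[key] = user[key]  # what the user asked for and did not get
    return effective, overridden

# Inputs copied from the example on this page, plus one constructed unlocked key.
USER = ('{"proxy.http": "https://127.0.0.1:8081", '
        '"telemetry.enabled": true, "sample.unlocked": "b"}')
MANAGED = '{"proxy.http": "http://corp-proxy.example.com:8080", "telemetry.enabled": false}'
LOCKED = '{"locked": ["proxy.http", "telemetry.enabled"]}'

if __name__ == "__main__":
    effective, overridden = effective_config(USER, MANAGED, LOCKED)
    print(json.dumps(effective, indent=2))
    print("user values ignored because of locks:", overridden)
```
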
As an administrator, you can implement several use cases to customize user settings based on your enterprise needs and apply those changes globally across your enterprise. For a comprehensive list of common use cases and examples, see Managed configuration use cases.
Deploying a managed configuration
Procedure
Linux
Step 1: Create configuration files
Save the following files at /usr/share/podman-desktop/:
Managed defaults file:
{
  "proxy.http": "http://proxy.corp.example.com:8080",
  "telemetry.enabled": false
}
Locked configuration file:
{
  "locked": ["proxy.http", "telemetry.enabled"]
}
Step 2: Deploy using a deployment tool
Choose a deployment tool: Ansible, Puppet, Chef, Salt, RPM/DEB packages, or shell scripts.
Step 3: Verify the deployment
- Restart Podman Desktop.
- Go to Help > Troubleshooting, and select the Logs tab to check for messages such as:
  [Managed-by]: Loaded managed ...
- Verify that locked settings cannot be changed through the UI.
macOS
Step 1: Create configuration files
Save the following files at /Library/Application Support/io.podman_desktop.PodmanDesktop/:
Managed defaults file:
{
  "proxy.http": "http://proxy.corp.example.com:8080",
  "telemetry.enabled": false
}
Locked configuration file:
{
  "locked": ["proxy.http", "telemetry.enabled"]
}
Step 2: Deploy using a deployment tool
Choose a deployment tool: Jamf Pro, Microsoft Intune, Kandji, SimpleMDM, Ansible, or PKG installers.
Step 3: Verify the deployment
- Restart Podman Desktop.
- Go to Help > Troubleshooting, and select the Logs tab to check for messages such as:
  [Managed-by]: Loaded managed ...
- Verify that locked settings cannot be changed through the UI.
Windows
Step 1: Create configuration files
Save the following files at %PROGRAMDATA%\Podman Desktop\:
Managed defaults file:
{
  "proxy.http": "http://proxy.corp.example.com:8080",
  "telemetry.enabled": false
}
Locked configuration file:
{
  "locked": ["proxy.http", "telemetry.enabled"]
}
Step 2: Deploy using a deployment tool
Choose a deployment tool: Group Policy, Microsoft Intune, SCCM, Ansible, or PowerShell scripts.
Step 3: Verify the deployment
- Restart Podman Desktop.
- Go to Help > Troubleshooting, and select the Logs tab to check for messages such as:
  [Managed-by]: Loaded managed ...
- Verify that locked settings cannot be changed through the UI.
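
A lock only holds if users cannot rewrite the managed files, so the verification step can be extended with a file-level audit. The following is an added example in Python, not part of Podman Desktop; it covers POSIX ownership and mode bits (Linux and macOS, not Windows ACLs), and the function name `audit_managed_files` and its finding messages are assumptions of this sketch.

```python
import json
import os
import stat

def audit_managed_files(defaults_path, locked_path, trusted_uid=0):
    """Return a list of findings; an empty list means the deployment looks sound."""
    findings, docs = [], {}
    # The directory matters too: whoever can write it can swap the files.
    targets = [os.path.dirname(os.path.abspath(defaults_path)), defaults_path, locked_path]
    for path in targets:
        try:
            st = os.stat(path)
        except OSError as exc:
            findings.append(f"{path}: cannot stat ({exc.strerror})")
            continue
        if st.st_uid != trusted_uid:
            findings.append(f"{path}: owned by uid {st.st_uid}, expected {trusted_uid}")
        if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            findings.append(f"{path}: writable by group or others")
        if stat.S_ISDIR(st.st_mode):
            continue
        try:
            with open(path, encoding="utf-8") as fh:
                docs[path] = json.load(fh)
        except (OSError, ValueError) as exc:
            findings.append(f"{path}: not readable as JSON ({exc})")
    managed = docs.get(defaults_path)
    locked_doc = docs.get(locked_path)
    if isinstance(managed, dict) and isinstance(locked_doc, dict):
        # A locked key with nothing to enforce is a deployment mistake.
        for key in locked_doc.get("locked", []):
            if key not in managed:
                findings.append(f"locked key {key!r} has no value in managed defaults")
    return findings

if __name__ == "__main__":
    base = "/usr/share/podman-desktop"  # Linux location given on this page
    for line in audit_managed_files(f"{base}/default-settings.json", f"{base}/locked.json"):
        print("FINDING:", line)
```
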
Locked configuration impact on users
When a setting is locked:
- In the UI: The setting appears grayed out or displays a lock icon
- Editing settings.json: Changes to locked keys in the user's file are ignored
- Console output: Log messages indicate when locked values are being used
Users are notified when settings are managed by administrators, ensuring transparency about which settings they can and cannot control.