I just want to mention that the microsoft/nanoserver-insider image has the non-admin "ContainerUser" account as default. Is this intented?

Running containers as non-admin is a good thing, but this default sometimes result in some difficulties while building Docker images based on nanoserver-insider.

In a golang+git nanoserver image I had to use a workaround to switch to ContainerAdministrator, setting the machine PATH variable, and switch back: https://github.com/StefanScherer/dockerfiles-windows/blob/c3a6dce28d325e25d3ed993e7d2b4fabd99c3b81/g...

Otherwise we can only set the users's PATH (setx without /M option): https://github.com/StefanScherer/dockerfiles-windows/blob/b9c944fdcf8ceb936d41a48837afaba8fd92b372/n...

While creating a Docker image for the Docker swarm visualizer I once again had problems while "npm run dist" os I also had to prepend a "USER ContainerAdministrator" to have write access to C:/app - see the Dockerfile example in https://github.com/dockersamples/docker-swarm-visualizer/pull/87#issue-260104486

So the question is if the nanoserver-insider image shouldn't have a value for the user just as the windowsservercore-insider image.

If someone wants to change the user, it is possible by adding a line USER ContainerUser in the Dockerfile for any Windows image.