Docker containers in Server 2025: Windows vs. Hyper-V vs. WSL2


Windows Server 2025 offers several options for running Docker containers with Linux or Windows. Windows containers can be isolated in two ways, while Linux containers can optionally be run on WSL2. Server 2025 also offers better backward compatibility than its predecessors.

Conceptually, containers are a lightweight alternative to virtual machines because they share resources such as the system kernel with the host OS. They also simplify the deployment of applications because they bring their own environment and are therefore not dependent on the configuration of the host system.

Process versus Hyper-V isolation

In practice, however, there are various hybrid forms. For a container and the host OS to share certain components, they must run the same operating system, and their versions must not differ too much.

If this requirement is not met, it is possible to run containers in a separate VM with a minimal operating system. As expected, this variant uses more resources, but also allows the execution of other operating systems such as Linux.

An additional benefit of VM-based isolation is a stricter separation between the containers and the host OS, which benefits security. Process isolation, on the other hand, only isolates the user-mode processes and virtualizes the host’s file system and registry so that changes the container makes to them do not affect the host.

Compatibility for containers with process isolation

While Windows Server 2016, which introduced the container feature, was very limited in terms of compatibility with other OS versions, version 2025 is much more generous. Existing containers with Server 2022 can be transferred to a host with the new OS without updating the operating system.

Versions of Windows Server that can run in a container under Server 2025


In addition, the strict separation between client and server operating systems has now also been eliminated. In the past, the latter could only be run in a Hyper-V container under Windows 10. Windows 11 24H2, on the other hand, also supports Server 2022 and 2025 in a container with process isolation.

Windows 11 allows Server 2022 and 2025 to run in lightweight containers.


Running Linux in a Container

It is obvious that mere process isolation cannot work if Windows Server serves as the host OS and Linux is running in the container, since both are based on a completely different kernel.

One option here is to use a VM container based on a slim Linux in a virtual machine. Docker Desktop also offers the option of running such containers in the Windows Subsystem for Linux (WSL2).

Although WSL2 also runs in a VM, it can host multiple Linux containers at the same time. Only one virtual machine is needed, and the containers share the WSL2 kernel provided by Microsoft. This reduces resource consumption, which also leads to better performance.

Managing container types with Docker Desktop

After installing the container feature, the Hyper-V role, WSL2 and Docker Desktop, all of the container types described above are available. Docker is configured for Linux containers by default. You can switch to Windows containers using the corresponding command in the tray applet.

The tray applet allows switching between Linux and Windows containers.


Windows containers

If you then want to start a container whose OS meets the requirements for process isolation, Docker will automatically choose this option. However, you can also specify this explicitly in the corresponding command:

docker run --isolation=process mcr.microsoft.com/windows/nanoserver:ltsc2025

This example runs the Nano version of Windows Server 2025 in a container with process isolation. If you want the container to run on its own kernel in a VM instead, adapt the above command accordingly:

docker run --isolation=hyperv mcr.microsoft.com/windows/nanoserver:ltsc2025

If you want to make sure that the container was started with the desired isolation mode, switch to the command line and first determine its ID:

docker ps -a

Then look for the type of isolation in the output of docker inspect:

docker inspect 71564914a6ad | Select-String 'Isolation":'

Find out the isolation type of a container

The result is either process or hyperv; for Linux containers this value remains empty.
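
The same check applied to every container on the host at once, as an added example that is not part of the original article. The function name Get-ContainerIsolation and its -Required parameter are hypothetical, and the script assumes the docker CLI is on the PATH.

```powershell
# Added example: list every container with its isolation mode and flag those
# that do not match the mode you require. Get-ContainerIsolation and -Required
# are hypothetical names; the docker CLI is assumed to be on the PATH.
function Get-ContainerIsolation {
    [CmdletBinding()]
    param(
        # 'hyperv' gives each container its own kernel; 'process' shares the host kernel.
        [ValidateSet('process', 'hyperv')]
        [string]$Required = 'hyperv'
    )

    $ids = @(docker ps -aq)
    if ($LASTEXITCODE -ne 0) { throw 'docker ps failed - is the Docker engine running?' }
    if ($ids.Count -eq 0) { return }   # no containers, nothing to inspect

    # One output line per container; '|' cannot occur in names or image references.
    $format = '{{.Name}}|{{.Config.Image}}|{{.State.Status}}|{{.HostConfig.Isolation}}'
    $lines = @(docker inspect --format $format $ids)
    if ($LASTEXITCODE -ne 0) { throw 'docker inspect failed' }

    foreach ($line in $lines) {
        $name, $image, $status, $isolation = $line -split '\|', 4
        # Linux containers report an empty value in this field.
        if ([string]::IsNullOrEmpty($isolation)) { $isolation = '(empty)' }
        [pscustomobject]@{
            Name      = $name.TrimStart('/')
            Image     = $image
            Status    = $status
            Isolation = $isolation
            Compliant = ($isolation -eq $Required)
        }
    }
}

# Show only the containers that are not running with the required isolation mode.
Get-ContainerIsolation -Required hyperv |
    Where-Object { -not $_.Compliant } |
    Format-Table -AutoSize
```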

Linux containers

If you have switched to Linux containers via the tray applet, you can start one as usual using the corresponding docker command:

docker run --isolation=default spurin/idle

Unlike with Windows containers, the --isolation parameter does not support the values process and hyperv here. The value default is allowed, but since that is the only option, you can omit it.

Start Linux containers using the docker command


If you try to start a Linux container while Windows containers are still configured, you will receive the error message

no matching manifest for windows/amd64 10.0.xxxxx in the manifest list entries

Whether a container runs in its own VM or in the Linux subsystem depends on the setting "Use the WSL 2 based engine" in Docker Desktop. It is enabled by default because Docker recommends this variant due to its better performance.

This setting determines whether a Linux container runs in its own VM or in WSL2.


By the way, you don’t need to install a distribution to run a container in WSL2. Docker comes with a lightweight distro called docker-desktop for this purpose.

As mentioned, inspecting the runtime data is not enough to determine whether a Linux container is running in WSL2 or in its own VM. Instead, you can check whether Docker has started a separate virtual machine:

Get-VM -Name Docker*

This command also shows whether Windows containers are running with Hyper-V isolation.

Summary

Windows Server 2025 supports several options when running containers. For Windows containers, you can choose between process and hyperv isolation. Only with the former do the host and container share a kernel, while with hyperv each container runs in its own VM.

Unlike its predecessors, Server 2025 also accepts other OS versions as a host or in a container for process isolation. Server 2022 can also be used as a guest, and Windows 11 can also be used as a host.

For obvious reasons, Linux containers cannot use process isolation and require their own VM. A middle ground is to run multiple containers together in WSL 2, where they can share resources with the host OS.
