Virtual Desktops (Windows)
Trailer can run a full Windows virtual desktop inside a workspace. A Windows VDI workspace boots a real Windows VM and gives you a browser-based desktop, with the same workspace lifecycle, networking, and volumes as any other workspace.
Windows desktops run as a virtual machine inside the container, so they require a host that supports hardware virtualization. They are available on the Docker runtime backend.
How it works
Section titled âHow it worksâTrailer publishes prebaked Windows disk images. When you create a Windows VDI image, Trailer personalizes one of these disks with your edition, account, language, and any files you upload. It does not reinstall Windows, so builds are fast.
At runtime the workspace boots the disk image in a virtual machine and serves a noVNC web desktop on container port 8006.
Creating a Windows desktop
Section titled âCreating a Windows desktopâA Windows desktop starts as an image, then you launch a workspace from it.
- Create a new image and set the desktop OS to Windows.
- Pick an edition (see below).
- Set the username and password for the Windows account.
- Choose a keyboard layout and system language.
- Optionally upload files to inject into the disk (see File injection).
- Build the image, then create a workspace from it.
When you create a workspace from a Windows VDI image, Trailer prefills sensible defaults: hardware acceleration on, nested virtualization on, and a Virtual Desktop URL pointing at port 8006. You can override any of these before launching.
Editions
Section titled âEditionsâThe edition maps to a tag of ghcr.io/trailer-dev/windows. The supported editions are:
| Edition | Description |
|---|---|
11 | Windows 11 Pro |
11l | Windows 11 LTSC |
11e | Windows 11 Enterprise |
10 | Windows 10 Pro |
10l | Windows 10 LTSC |
10e | Windows 10 Enterprise |
2025 | Windows Server 2025 |
2022 | Windows Server 2022 |
Account and localization
Section titled âAccount and localizationâ- Username: the local administrator account created during first boot. Required.
- Password: typed into the image form. It is stored in a hidden column and never returned by the API. When a password is already set, the form shows a âset, type to changeâ hint; leaving it blank on edit keeps the existing value.
- Keyboard layout: the input layout applied inside Windows (for example US, UK, German, French).
- System language: the display and system locale (for example
en_US.UTF-8,de_DE.UTF-8).
Accessing the desktop
Section titled âAccessing the desktopâThe Windows desktop is served as a noVNC web viewer on container port 8006. The workspace gets a Virtual Desktop URL on the desktop subdomain pointing at that port, so you open the desktop straight from the browser.
For RDP, the VM forwards port 3389 automatically. To reach it from outside the container, publish a port binding for 3389/tcp on the workspace. RDP cannot be proxied through a URL, so it needs a direct port binding.
Hardware acceleration and nested virtualization
Section titled âHardware acceleration and nested virtualizationâTwo workspace toggles affect Windows VMs. Both are pre-enabled when you create a workspace from a Windows VDI image:
- Hardware acceleration: passes GPU devices into the VM.
- Nested virtualization: attaches
/dev/kvmso the VM can use KVM acceleration. Without a usable/dev/kvm, the VM cannot use KVM acceleration.
These require matching host support. If the host has no GPU or no KVM, turn the corresponding toggle off.
Exposed ports
Section titled âExposed portsâFor a workspace on a bridge network (the default), any port you publish, and any URL you define, is forwarded from the container into the Windows VM automatically. You do not need to configure the VMâs networking by hand. The desktop web port (8006) is served by the container itself and is never forwarded.
When a macvlan network is attached, the VM bridges directly onto the LAN and picks up its own address by DHCP, so per-port forwarding does not apply.
File injection
Section titled âFile injectionâYou can upload files on the image and give each a destination path inside Windows. Trailer injects them into the disk at build time, so they are present the first time Windows boots.
Destination paths may be written in Windows style or POSIX style. All of these are accepted and treated the same:
C:\Users\Public\DesktopC:/Users/Public/Desktopc:\Users\Public\Desktop/Users/Public/Desktop\Users\Public\DesktopEach file lands at <destination>/<filename>, so the destination is treated as a directory.
Volumes
Section titled âVolumesâTrailer volumes attached to a Windows workspace show up inside Windows as drives. They are shared over virtio-fs, independent of the workspace network mode.
Drive letters are assigned from Z: downward in attach order: the first attached volume becomes Z:, the second Y:, and so on. Each drive is labeled with the volumeâs name. The letter pool runs out after roughly 22 volumes (C: is the system drive, A: and B: are reserved); past that the volume is still attached to the VM but no drive letter is assigned.
Volumes only mount if the image was built against a recent Windows base. If an older image shows no drives, rebuild the image.