How to Install Docker on Windows Server 2025
Docker on Windows Server 2025 brings native container support directly to the host OS, enabling teams to run process-isolated Windows containers without a hypervisor layer between the application and the kernel. Unlike Docker Desktop on Windows 10/11, Docker Engine on Windows Server 2025 is a headless service designed for production workloads. This guide walks through installing Docker Engine using the Microsoft-provided PowerShell provider, configuring the daemon for production use, and validating the installation by pulling and running a Windows base image. By the end you will have a fully operational Docker host capable of running process-isolated Windows Server containers.
Prerequisites
- Windows Server 2025 (Standard or Datacenter edition), fully patched
- PowerShell 5.1 or PowerShell 7.x running as Administrator
- Internet access from the server (or an internal mirror of the Docker packages)
- At least 20 GB of free disk space on the system drive for images and container layers
- Hyper-V role installed if you also intend to run Hyper-V isolated containers
- Windows Firewall access to TCP 2375/2376 if remote Docker API access is required
Step 1: Install the NuGet Provider and DockerMsftProvider
Windows Server 2025 ships with PowerShellGet, which can pull packages from the PowerShell Gallery. The DockerMsftProvider is a specialized package provider published by Microsoft that wraps the Docker Engine MSI packages. Start by ensuring NuGet is available and then install the provider.
# Run all commands in an elevated PowerShell session
# Install the NuGet package provider (required by Install-Module)
Install-PackageProvider -Name NuGet -MinimumVersion 2.8.5.201 -Force
# Trust the PSGallery repository so Install-Module does not prompt
Set-PSRepository -Name PSGallery -InstallationPolicy Trusted
# Install the Microsoft Docker package provider module
Install-Module -Name DockerMsftProvider -Repository PSGallery -Force
# Confirm the module is present
Get-Module -ListAvailable -Name DockerMsftProviderStep 2: Install Docker Engine
With the provider in place, use Install-Package to download and install the latest stable release of Docker Engine from the Microsoft-hosted feed. The installer registers Docker as a Windows service and places the docker.exe client in C:Program FilesDocker.
# Install the Docker package via the DockerMsftProvider
Install-Package -Name Docker -ProviderName DockerMsftProvider -Force
# Verify the installed version
Get-Package -Name Docker -ProviderName DockerMsftProvider
# Add Docker to the current session PATH if the installer did not reload it
$env:Path += ";C:Program FilesDocker"
# Persist the PATH change for future sessions
[Environment]::SetEnvironmentVariable(
"Path",
$env:Path + ";C:Program FilesDocker",
[EnvironmentVariableTarget]::Machine
)After the install completes, a restart is required to initialise the Windows container feature that Docker depends on.
# Restart the server to enable the Containers Windows feature
Restart-Computer -ForceStep 3: Start and Enable the Docker Service
After the reboot, open a new elevated PowerShell session. The Docker Engine service (docker) should already be set to start automatically, but verify and start it manually for the current session.
# Start the Docker service
Start-Service -Name docker
# Set Docker to start automatically on boot
Set-Service -Name docker -StartupType Automatic
# Confirm the service is running
Get-Service -Name docker
# Verify Docker client connectivity
docker versionStep 4: Configure daemon.json for Production Use
Docker Engine reads its runtime configuration from C:ProgramDatadockerconfigdaemon.json. Customising this file lets you redirect the image and container storage to a larger data drive, configure structured JSON logging, set a custom DNS server, and restrict the Docker API to localhost only. Create the directory and write the configuration file.
# Create the config directory if it does not exist
$configDir = "C:ProgramDatadockerconfig"
if (-not (Test-Path $configDir)) {
New-Item -ItemType Directory -Path $configDir -Force
}
# Write a production daemon.json
$daemonConfig = @{
"data-root" = "D:\DockerData" # store images on a dedicated drive
"log-driver" = "json-file"
"log-opts" = @{
"max-size" = "50m"
"max-file" = "5"
}
"dns" = @("10.0.0.1", "8.8.8.8")
"hosts" = @("npipe://") # named pipe only; no unauthenticated TCP
"storage-driver" = "windowsfilter"
}
$daemonConfig | ConvertTo-Json -Depth 5 | Set-Content -Path "$configDirdaemon.json" -Encoding UTF8
# Restart Docker to apply the new configuration
Restart-Service -Name docker
# Confirm Docker sees the new data root
docker info | Select-String "Docker Root Dir"Step 5: Open Windows Firewall Rules for Docker (Optional)
If you need remote Docker API access (for example, from a CI/CD agent), enable TLS on port 2376 and create a firewall rule. Never expose the unencrypted port 2375 on a production network.
# Allow inbound Docker TLS API (port 2376) from a management subnet only
New-NetFirewallRule `
-DisplayName "Docker TLS API" `
-Direction Inbound `
-Protocol TCP `
-LocalPort 2376 `
-RemoteAddress "10.0.0.0/24" `
-Action Allow `
-Profile Domain,Private
# Allow Docker container NAT traffic (required for published ports)
New-NetFirewallRule `
-DisplayName "Docker NAT" `
-Direction Inbound `
-Protocol TCP `
-LocalPort 80,443,8080 `
-Action Allow `
-Profile Domain,Private,PublicStep 6: Pull a Windows Base Image and Run a Test Container
Microsoft publishes Windows container base images on the Microsoft Container Registry (MCR). The servercore:ltsc2022 image is the most compatible base for applications that need a near-full Windows environment. Pull it and run a quick test to confirm end-to-end functionality.
# Pull the Windows Server Core LTSC 2022 base image
docker pull mcr.microsoft.com/windows/servercore:ltsc2022
# List local images to confirm the pull
docker images
# Run a simple interactive container to verify process isolation
docker run --rm --isolation=process `
mcr.microsoft.com/windows/servercore:ltsc2022 `
powershell -Command "Write-Host 'Docker on Windows Server 2025 is working!'; $PSVersionTable"
# Run a detached container with a named identity
docker run -d --name test-container --isolation=process `
mcr.microsoft.com/windows/servercore:ltsc2022 `
powershell -Command "Start-Sleep -Seconds 300"
# Inspect the running container
docker ps
docker inspect test-container
# Clean up
docker stop test-container
docker rm test-containerStep 7: Validate the Full Installation with docker info
Run docker info to review the complete configuration summary including storage driver, logging driver, kernel version, and operating system details. This output is the definitive check that Docker is correctly configured.
# Full Docker system information
docker info
# Expected key fields to verify:
# Server Version: 24.x or later
# Storage Driver: windowsfilter
# Logging Driver: json-file
# OS: Windows Server 2025 Datacenter
# OSType: windows
# Docker Root Dir: D:DockerData (if daemon.json was applied)
# Check Docker disk usage
docker system df
# View Docker events (useful for debugging startup issues)
docker events --since "1h"Conclusion
You now have a production-ready Docker Engine installation on Windows Server 2025. The installation covered adding the Microsoft Docker package provider, installing Docker Engine, customising daemon.json to redirect storage and configure JSON logging, setting appropriate firewall rules, and validating the setup with a real Windows container. The next logical steps are building custom application images with a Dockerfile, deploying multi-container stacks with Docker Compose, or joining the host to a Kubernetes cluster as a Windows worker node. Keep the Docker Engine updated through the PowerShell provider by periodically running Install-Package Docker -ProviderName DockerMsftProvider -Force -Update to receive security patches from Microsoft.
