How to Manage Containers with Windows Admin Center on Windows Server 2025

Windows Admin Center (WAC) is Microsoft’s browser-based server management platform, and its Container extension brings a visual, point-and-click interface to Docker container management on Windows Server 2025. For administrators who are comfortable managing Windows infrastructure through a GUI but are earlier in their container journey, WAC provides an accessible entry point to pull images, view running containers, inspect logs, and configure networking — all without leaving the familiar browser-based management interface. This tutorial covers installing the WAC Container extension, connecting it to a container host, and using it to perform day-to-day container management tasks, while also comparing WAC to alternatives like Portainer and discussing where WAC fits in a broader container management strategy on Windows Server.

Prerequisites

Windows Admin Center 2311 or later installed on a gateway server or management PC (download from aka.ms/WindowsAdminCenter)
Windows Server 2025 container host with Docker Engine or the Windows container feature installed
Docker Engine installed and running on the container host (Install-Package -Name docker -ProviderName DockerMsftProvider -Force)
WinRM enabled on the container host (required for WAC connectivity)
An account with local administrator rights on the container host
Outbound internet access from the container host for pulling images from Docker Hub or MCR

Step 1: Prepare the Container Host

Before connecting WAC, ensure the container host is fully configured. Windows Server 2025 supports both process-isolated containers (Windows containers sharing the host kernel) and Hyper-V isolated containers (each container gets a lightweight utility VM). Install the Containers feature and Docker Engine using PowerShell.

# Install the Containers Windows feature
Install-WindowsFeature -Name Containers -Restart

# After restart: install Docker Engine using the Microsoft provider
Install-PackageProvider -Name NuGet -MinimumVersion 2.8.5.201 -Force
Install-Module -Name DockerMsftProvider -Repository PSGallery -Force
Install-Package -Name docker -ProviderName DockerMsftProvider -Force -RequiredVersion 24.0.7

# Start Docker and set it to start automatically
Start-Service docker
Set-Service docker -StartupType Automatic

# Verify Docker is running and check the version
docker version
docker info

# Pull a test image to confirm connectivity to the container registry
docker pull mcr.microsoft.com/windows/nanoserver:ltsc2025

# Run a quick test container
docker run --rm mcr.microsoft.com/windows/nanoserver:ltsc2025 cmd /c "echo Container host is ready"

# Configure the Docker daemon to accept remote management via TCP
# (required for some WAC connection modes — use TLS in production)
# Edit C:ProgramDatadockerconfigdaemon.json:
$daemonConfig = @{
    hosts = @("npipe://", "tcp://0.0.0.0:2375")
} | ConvertTo-Json
Set-Content -Path 'C:ProgramDatadockerconfigdaemon.json' -Value $daemonConfig
Restart-Service docker

Security note: Exposing Docker on TCP port 2375 without TLS is acceptable only on isolated management networks. For production environments, configure mutual TLS authentication on the Docker daemon.

Step 2: Install the Container Extension in Windows Admin Center

WAC extensions are installed through the Extensions marketplace within the WAC interface. The Containers extension is published by Microsoft and provides all container management capabilities directly in the browser.

Open Windows Admin Center in your browser (e.g., https://wacgateway.domain.local).
Click the Settings gear icon in the top-right corner.
In the left navigation, click Extensions.
In the Available Extensions tab, search for Containers.
Select the Containers extension published by Microsoft and click Install.
WAC will refresh automatically after installation. The extension is now available on all connected servers that have Docker running.

To install or update extensions from PowerShell on the WAC gateway (useful for automated deployments):

# List installed WAC extensions via the WAC REST API (from the gateway server)
# WAC exposes an API at /api/extensions
$wacGateway = 'https://localhost:6516'
$extensions = Invoke-RestMethod -Uri "$wacGateway/api/extensions" `
    -UseDefaultCredentials `
    -SkipCertificateCheck

$extensions | Where-Object { $_.id -like '*container*' } |
    Select-Object id, version, state

Step 3: Connect WAC to a Container Host

Container management in WAC is accessed by connecting to the target Windows Server and navigating to the Containers tool in the left-hand tool list. WAC communicates with Docker via WinRM and the Docker named pipe on the target host.

On the WAC home screen, click + Add to add a connection.
Select Windows Server and enter the hostname or IP address of your container host.
Provide credentials if prompted and click Add.
Click the newly added server to open its management view.
In the left tool panel, scroll down and click Containers.

The Containers tool will enumerate all running and stopped containers on the host, the local image library, networks, and volumes. If you see a message that Docker is not running, return to Step 1 and confirm the Docker service is active.

Step 4: Pulling Images through the WAC Interface

The Images tab in the WAC Containers extension lists all Docker images currently on the host. From this view you can pull new images directly from Docker Hub or the Microsoft Container Registry without opening a terminal.

In the Containers tool, click the Images tab.
Click Pull (or + Pull Image depending on the WAC version).
Enter the full image reference, for example mcr.microsoft.com/windows/servercore/iis:windowsservercore-ltsc2025.
Click Pull and monitor the progress bar. Large images may take several minutes.

Equivalent PowerShell for image operations on the container host:

# Pull common Windows Server 2025 base images
docker pull mcr.microsoft.com/windows/servercore:ltsc2025
docker pull mcr.microsoft.com/windows/nanoserver:ltsc2025
docker pull mcr.microsoft.com/windows/servercore/iis:windowsservercore-ltsc2025

# List local images
docker images

# Remove an image no longer needed
docker rmi mcr.microsoft.com/windows/nanoserver:ltsc2025

# Inspect image details (layers, environment variables, entry point)
docker inspect mcr.microsoft.com/windows/servercore:ltsc2025

Step 5: Starting, Stopping, and Viewing Running Containers

The Containers tab in WAC shows all containers — running, paused, and stopped — with their names, IDs, image, status, and exposed ports. From this view you can start, stop, restart, and remove containers using action buttons.

Click the Containers tab to see the container list.
To start a stopped container, select it and click Start.
To stop a running container gracefully, select it and click Stop.
To remove a container, first stop it, then click Remove.
Click the container name to open its detail view, which includes real-time log output.

# Create and run a new IIS container with port 80 published
docker run -d --name iis-demo -p 8080:80 `
    mcr.microsoft.com/windows/servercore/iis:windowsservercore-ltsc2025

# List running containers
docker ps

# List all containers including stopped ones
docker ps -a

# View real-time logs for a container
docker logs -f iis-demo

# Stop a container gracefully (SIGTERM + 10 second timeout, then SIGKILL)
docker stop iis-demo

# Force-remove a running container
docker rm -f iis-demo

# Execute a command inside a running container (open an interactive PowerShell session)
docker exec -it iis-demo powershell

Step 6: Viewing Logs and Configuring Volume Mounts

The container detail view in WAC surfaces logs from the container’s standard output and standard error streams — the same output you would see with docker logs. Volume mounts (bind mounts or named volumes) allow containers to persist data beyond the container’s lifecycle and are configured at container creation time.

# Create a named volume for persistent data
docker volume create iis-logs

# Run a container with the named volume mounted at C:inetpublogsLogFiles
docker run -d --name iis-persistent -p 8080:80 `
    -v iis-logs:C:inetpublogsLogFiles `
    mcr.microsoft.com/windows/servercore/iis:windowsservercore-ltsc2025

# Mount a host directory (bind mount) — useful for development
docker run -d --name iis-bindmount -p 8081:80 `
    -v C:WebContent:C:inetpubwwwroot `
    mcr.microsoft.com/windows/servercore/iis:windowsservercore-ltsc2025

# List all volumes
docker volume ls

# Inspect a volume (find where Docker stores it on the host)
docker volume inspect iis-logs

# Remove a volume (data is permanently deleted)
docker volume rm iis-logs

In WAC, the Volumes tab lists all named volumes and their mount points. Click a volume to see which containers are currently using it.

Step 7: Container Networking Configuration

Windows containers support several network drivers: nat (default, provides NAT through the host), transparent (container gets an IP on the physical network), overlay (Swarm and Kubernetes multi-host networking), and l2bridge (similar to transparent but with MAC address management). WAC’s Networks tab shows all Docker networks and their connected containers.

# List Docker networks on the host
docker network ls

# Inspect the default nat network
docker network inspect nat

# Create a custom NAT network with a specific subnet
docker network create --driver nat `
    --subnet 192.168.100.0/24 `
    --gateway 192.168.100.1 `
    MyAppNetwork

# Run a container on the custom network
docker run -d --name webapp --network MyAppNetwork `
    -p 8090:80 `
    mcr.microsoft.com/windows/servercore/iis:windowsservercore-ltsc2025

# Create a transparent network (container appears directly on the physical LAN)
docker network create -d transparent `
    --subnet 10.10.1.0/24 `
    --gateway 10.10.1.1 `
    TransparentNet

# Connect a running container to an additional network
docker network connect MyAppNetwork iis-demo

# Disconnect a container from a network
docker network disconnect MyAppNetwork iis-demo

Step 8: WAC Containers vs Portainer — Choosing the Right Tool

WAC and Portainer both provide web-based Docker management, but they serve different audiences and deployment models. Understanding where each excels helps you pick the right tool for your environment.

Windows Admin Center strengths: Deep integration with Windows Server management (you manage containers alongside DNS, IIS, event logs, and Hyper-V in one interface); uses Windows authentication (no separate login); well-suited to teams already using WAC for server management; native support for Windows containers and the Windows container-specific networking model.
Portainer strengths: Richer container management UI (console access, environment variable editing, resource limits); better multi-host and Kubernetes cluster support; works equally well with Linux Docker hosts; container stack (Docker Compose) management; stronger role-based access control for multi-team environments; active open-source community with frequent updates.
When to use WAC: Small to medium Windows Server environments where containers are one of several managed services; teams that prefer the integrated Windows management experience; environments standardised on WAC for all server management tasks.
When to use Portainer: Larger container estates; mixed Linux/Windows container environments; environments requiring Kubernetes management; teams that run containers as a primary workload and need the deeper feature set.

# Deploy Portainer as a Docker container on Windows Server 2025
# (as an alternative or complement to WAC container management)
docker volume create portainer_data

docker run -d -p 8000:8000 -p 9443:9443 --name portainer `
    --restart=always `
    -v \.pipedocker_engine:\.pipedocker_engine `
    -v portainer_data:C:data `
    portainer/portainer-ce:latest

# Access Portainer at https://:9443 in a browser
Write-Output "Portainer available at: https://$($env:COMPUTERNAME):9443"

Step 9: WAC as an Entry Point for Kubernetes on Windows Server

WAC 2311 and later include preview support for managing Azure Kubernetes Service (AKS) deployments through the Kubernetes extension, and for AKS on Azure Stack HCI and Windows Server 2025 deployments through the Azure Arc integration. This makes WAC a potential single pane of glass for both container and Kubernetes workloads in Windows-centric environments.

# Install kubectl on the WAC gateway or management server
# (for use alongside WAC's Kubernetes features)
winget install -e --id Kubernetes.kubectl

# Connect kubectl to a cluster (configure kubeconfig)
kubectl config set-cluster MyCluster --server='https://10.10.1.100:6443'
kubectl config set-credentials admin --token='your-token-here'
kubectl config set-context MyCluster --cluster=MyCluster --user=admin
kubectl config use-context MyCluster

# List nodes (confirms connectivity from the management station)
kubectl get nodes -o wide

# WAC's Kubernetes extension surfaces the same information through the browser UI
# For WAC-managed AKS on Azure: register the host with Azure Arc first
# azcmagent connect --resource-group MyRG --tenant-id  --location eastus --subscription-id

Conclusion

Windows Admin Center’s Container extension lowers the barrier to entry for container management on Windows Server 2025, integrating Docker image management, container lifecycle control, log viewing, volume management, and network configuration into the same browser-based interface used for all other Windows Server administration tasks. For administrators expanding their skills from traditional Windows Server management into containerisation, WAC provides a familiar and accessible starting point that builds confidence before moving to more advanced CLI or orchestration workflows. When your container estate grows — or when you need richer access control, Docker Compose stack management, or Kubernetes support — tools like Portainer and kubectl complement WAC naturally. The key is treating WAC as a gateway into the container world, not a ceiling, and pairing it with PowerShell automation as your proficiency and workload complexity increase.

Links

Newsletter

Contact