How to Install MongoDB on Windows Server 2025
MongoDB is the leading NoSQL document database, storing data in flexible, JSON-like BSON documents rather than rigid rows and columns. Its ability to handle unstructured data, its horizontal scalability through sharding, and its rich aggregation framework make it a popular choice for modern web applications, content management systems, IoT data pipelines, and real-time analytics. This guide covers the complete installation of MongoDB Community Server on Windows Server 2025 using the official MSI installer, configuring it as a Windows service with authentication enabled, setting up the WiredTiger storage engine cache, creating an administrative user, and validating your setup with MongoDB Compass.
Prerequisites
- Windows Server 2025 (Standard or Datacenter), fully updated
- Administrator privileges on the target server
- Minimum 4 GB RAM; 8 GB or more recommended for production
- 20 GB or more free disk space on the drive that will host MongoDB data files
- The Microsoft Visual C++ Redistributable 2019+ installed (the MongoDB installer checks for this)
- Access to mongodb.com or a pre-downloaded MSI
Step 1 — Download the MongoDB Community Server MSI
Visit https://www.mongodb.com/try/download/community, select version 7.0 (LTS), platform Windows, package MSI, and click Download. Save the installer to C:Installers. You can also automate the download:
# Download MongoDB 7.0 MSI
$url = "https://fastdl.mongodb.org/windows/mongodb-windows-x86_64-7.0.12-signed.msi"
$dest = "C:Installersmongodb-7.0.12.msi"
Invoke-WebRequest -Uri $url -OutFile $dest -UseBasicParsing
Write-Host "Download complete: $dest"Step 2 — Install MongoDB as a Windows Service
Run the MSI as Administrator. Work through the Setup Wizard:
- Accept the License Agreement.
- Choose Complete installation type (installs all components).
- On the Service Configuration screen:
- Check Install MongoD as a Service.
- Service Name:
MongoDB(default). - Data Directory: Change from the default to a dedicated volume, e.g.
D:MongoDatadata. - Log Directory:
D:MongoDatalog. - Run the service as Network Service (appropriate for most environments) or a dedicated service account.
- On the Install MongoDB Compass screen, leave the checkbox ticked — Compass is the official GUI and is extremely useful.
- Click Install then Finish.
Confirm the service started:
Get-Service -Name "MongoDB"
# Expected: Status = Running
# View the service details
Get-Service MongoDB | Format-List *Step 3 — Review and Edit mongod.cfg
The MongoDB configuration file is located at C:Program FilesMongoDBServer7.0binmongod.cfg. Open it as Administrator:
notepad "C:Program FilesMongoDBServer7.0binmongod.cfg"Replace or update the contents with a production-appropriate configuration:
systemLog:
destination: file
path: D:MongoDatalogmongod.log
logAppend: true
logRotate: reopen
storage:
dbPath: D:MongoDatadata
journal:
enabled: true
wiredTiger:
engineConfig:
# Set to ~50% of available RAM; leave the rest for OS and filesystem cache
cacheSizeGB: 4
collectionConfig:
blockCompressor: snappy
indexConfig:
prefixCompression: true
net:
port: 27017
bindIp: 127.0.0.1,0.0.0.0 # listen on all interfaces; restrict via firewall
# bindIp: 127.0.0.1,192.168.1.50 # preferred: specify exact IPs
security:
authorization: enabled # MUST be enabled for production
processManagement:
windowsService:
serviceName: MongoDB
displayName: MongoDB
description: MongoDB 7.0 Database Service
operationProfiling:
mode: slowOp
slowOpThresholdMs: 100 # log operations slower than 100msSave the file, then restart the service to apply changes:
Restart-Service -Name "MongoDB"
Get-Service -Name "MongoDB" # confirm RunningStep 4 — Create the Administrative User
With security.authorization: enabled, you must create at least one administrative user before MongoDB will accept authenticated connections. Connect with mongosh (the MongoDB shell, installed alongside the server):
# Add mongosh to PATH for the current session
$env:PATH += ";C:Program FilesMongoDBServer7.0bin"
# Connect without authentication (only possible on localhost before any user exists)
mongosh --host 127.0.0.1 --port 27017Inside mongosh, switch to the admin database and create a superuser:
// Switch to admin database
use admin
// Create the root administrative user
db.createUser({
user: "mongoAdmin",
pwd: passwordPrompt(), // prompts securely; do not hard-code passwords
roles: [
{ role: "userAdminAnyDatabase", db: "admin" },
{ role: "readWriteAnyDatabase", db: "admin" },
{ role: "dbAdminAnyDatabase", db: "admin" },
{ role: "clusterAdmin", db: "admin" }
]
})
// Verify the user was created
db.getUsers()Exit and reconnect with authentication to verify:
exit# Reconnect with credentials
mongosh --host 127.0.0.1 --port 27017 --username mongoAdmin --authenticationDatabase adminStep 5 — Create an Application Database and User
Always use a least-privilege application account rather than the admin user for your application:
// Create the application database
use myappdb
// Create a dedicated application user with restricted permissions
db.createUser({
user: "appuser",
pwd: passwordPrompt(),
roles: [
{ role: "readWrite", db: "myappdb" }
]
})
// Insert a test document to verify readWrite access
db.testcollection.insertOne({ name: "Hello, MongoDB!", created: new Date() })
// Query it back
db.testcollection.find().pretty()
// Update a document
db.testcollection.updateOne(
{ name: "Hello, MongoDB!" },
{ $set: { status: "active" } }
)
// Delete the test document
db.testcollection.deleteOne({ name: "Hello, MongoDB!" })
exitStep 6 — Open Windows Firewall Port 27017
# Allow inbound TCP on port 27017
New-NetFirewallRule `
-DisplayName "MongoDB 27017" `
-Direction Inbound `
-Protocol TCP `
-LocalPort 27017 `
-Action Allow `
-Profile Domain,Private
# For extra security, restrict to specific remote IPs:
New-NetFirewallRule `
-DisplayName "MongoDB 27017 App Server" `
-Direction Inbound `
-Protocol TCP `
-LocalPort 27017 `
-RemoteAddress "10.10.5.0/24" `
-Action Allow `
-Profile Domain,Private
# Verify
Get-NetFirewallRule -DisplayName "MongoDB 27017" | Select-Object DisplayName, EnabledStep 7 — Connect with MongoDB Compass
MongoDB Compass was installed alongside the server. Open it from the Start Menu. In the connection dialog:
- Use the connection string format:
mongodb://mongoAdmin:[email protected]:27017/?authSource=admin - Or fill in the fields manually: Host
127.0.0.1, Port27017, Authentication Username/Password, UsernamemongoAdmin, Auth DBadmin. - Click Connect. Compass displays all databases, collections, and document counts.
- Use the Aggregation Pipeline Builder, Schema Analyzer, and Explain Plan tools for query optimisation.
Step 8 — Tune WiredTiger Cache and Verify Performance
The WiredTiger storage engine is MongoDB’s default and provides excellent performance with compression. The most impactful tuning parameter is cacheSizeGB, already set in Step 3. To verify the cache in use at runtime:
// Check WiredTiger cache statistics
db.serverStatus().wiredTiger.cache
// Check current connections and operation counters
db.serverStatus().connections
db.serverStatus().opcounters
// View slow query log (from mongosh)
use admin
db.system.profile.find({ millis: { $gt: 100 } }).sort({ millis: -1 }).limit(10)Conclusion
You have successfully installed MongoDB 7.0 Community Server on Windows Server 2025 as a hardened Windows service, configured the WiredTiger cache for your hardware, enabled authentication, and created both an administrative account and a least-privilege application account. The mongod.cfg settings established cover logging, journaling, and slow-operation profiling — a solid foundation for a production deployment. Next steps include configuring a replica set for high availability (even a three-member replica set on a single server using different ports is better than a standalone for production), setting up MongoDB Atlas-compatible monitoring with MongoDB Ops Manager or a Prometheus/Grafana stack, and scheduling regular backups with mongodump or MongoDB’s oplog-based continuous backup.
