How to Install MariaDB on Windows Server 2025

MariaDB is a community-developed, open-source relational database management system that began as a drop-in replacement for MySQL following Oracle’s acquisition of Sun Microsystems. Today, MariaDB has diverged significantly from MySQL, introducing its own storage engines (Aria, ColumnStore, Spider), superior JSON handling, better query optimiser statistics, and a more permissive open-source license (GPLv2 without Oracle’s commercial exceptions). For many workloads — particularly web applications, e-commerce platforms, and CMSes like WordPress — MariaDB delivers excellent performance, broad compatibility, and an active development community. This guide covers the complete installation of MariaDB on Windows Server 2025, post-install security hardening, tuning the InnoDB storage engine, and connecting with HeidiSQL.

Prerequisites

  • Windows Server 2025 (Standard or Datacenter), fully patched
  • Administrator privileges
  • At least 4 GB RAM; 8 GB or more for production database servers
  • 20 GB or more free disk space on a dedicated data volume (e.g. D:)
  • Access to mariadb.org/download or a pre-staged MSI installer
  • Windows Firewall or a network firewall where you can open TCP port 3306

Step 1 — Download the MariaDB MSI Installer

Navigate to https://mariadb.org/download/, select the latest stable release (MariaDB 11.4 LTS as of 2025), the Windows operating system, and the MSI Package (x86_64). Save the file to C:Installers.

# Download MariaDB 11.4 LTS MSI
$url  = "https://downloads.mariadb.org/rest-api/mariadb/11.4.3/mariadb-11.4.3-winx64.msi"
$dest = "C:Installersmariadb-11.4.3-winx64.msi"
Invoke-WebRequest -Uri $url -OutFile $dest -UseBasicParsing
Write-Host "Downloaded: $dest"

Step 2 — Run the MSI Installer

Right-click the MSI and choose Run as administrator. Step through the wizard:

  1. Accept the License Agreement (GPL v2).
  2. Choose Typical or Custom. Custom lets you change the installation directory (default: C:Program FilesMariaDB 11.4).
  3. On the Default Instance Properties screen:
    • Modify password for database user ‘root’ — Set a strong root password and record it in your password manager.
    • Enable access from remote machines for ‘root’ user — Leave this unchecked for security; create a separate remote user in Step 6.
    • Use UTF8 as default server’s character set — Check this box; UTF-8 (utf8mb4 in MariaDB) is the correct choice for modern applications.
    • Install as service — Leave checked. Service name: MySQL (MariaDB uses this name for drop-in compatibility).
    • Enable networking — Leave checked. Port: 3306.
  4. Click Install and wait for completion. The installer initialises the data directory and creates the Windows service.

Verify the service:

Get-Service -Name "MySQL"
# Status should be Running

# Confirm it's MariaDB (not MySQL)
& "C:Program FilesMariaDB 11.4binmysql.exe" --version
# Output: C:Program FilesMariaDB 11.4binmysql.exe  Ver 15.1 Distrib 11.4.3-MariaDB, for Win64

Step 3 — Locate and Review my.ini

MariaDB’s main configuration file on Windows is my.ini, located in the data directory (not the program directory). The data directory defaults to C:Program FilesMariaDB 11.4data unless you customised it during installation. For production, this should be on a separate volume:

# Find the data directory path from the running service
Get-ItemProperty "HKLM:SYSTEMCurrentControlSetServicesMySQL" | Select-Object ImagePath

# Open my.ini (adjust path to match your data directory)
notepad "C:Program FilesMariaDB 11.4datamy.ini"

Step 4 — Tune my.ini for Production Performance

Add or update the following settings. Values assume a dedicated 16 GB RAM server running MariaDB as its primary workload:

[mysqld]
# Basic settings
port = 3306
datadir = C:Program FilesMariaDB 11.4data
# If using a separate data volume:
# datadir = D:MariaDBDatadata

# Character set — utf8mb4 supports full Unicode including emoji
character-set-server = utf8mb4
collation-server = utf8mb4_unicode_ci

# Networking
bind-address = 0.0.0.0    # listen on all interfaces; restrict access via firewall
skip-name-resolve         # skip reverse DNS lookups for faster connection handling

# Connections
max_connections = 300
max_connect_errors = 100000
wait_timeout = 600
interactive_timeout = 600

# InnoDB storage engine — most important tuning parameters
innodb_buffer_pool_size = 8G       # ~50-70% of total RAM for dedicated DB servers
innodb_buffer_pool_instances = 8   # one per GB of buffer pool (up to 64)
innodb_log_file_size = 1G          # larger = better write performance, slower crash recovery
innodb_log_buffer_size = 64M
innodb_flush_log_at_trx_commit = 1  # 1=ACID-safe; 2=faster, 1-second data loss risk
innodb_flush_method = O_DSYNC       # on Windows; O_DIRECT on Linux
innodb_file_per_table = ON          # one .ibd file per table — easier management
innodb_io_capacity = 2000           # tune to your disk IOPS (SSD: 2000-10000)
innodb_io_capacity_max = 4000
innodb_read_io_threads = 8
innodb_write_io_threads = 8

# Query cache (disabled in MariaDB 10.6+ by default; leave off for high-concurrency)
# query_cache_type = 0
# query_cache_size = 0

# Slow query log — identify problematic queries
slow_query_log = ON
slow_query_log_file = C:Program FilesMariaDB 11.4dataslow-queries.log
long_query_time = 2              # log queries taking more than 2 seconds
log_queries_not_using_indexes = ON

# Binary logging (required for replication and point-in-time recovery)
log_bin = mysql-bin
binlog_format = ROW
expire_logs_days = 7
server_id = 1                    # must be unique in a replication topology

# Error log
log_error = C:Program FilesMariaDB 11.4datamariadb-error.log

Restart the service after editing:

Restart-Service -Name "MySQL"
Get-Service -Name "MySQL"

Step 5 — Harden Security (mysql_secure_installation Equivalent)

MariaDB ships with some insecure defaults. Run these commands as root to harden the installation:

# Connect as root
& "C:Program FilesMariaDB 11.4binmysql.exe" -u root -p
-- Remove anonymous users
DELETE FROM mysql.user WHERE User = '';

-- Remove test database
DROP DATABASE IF EXISTS test;
DELETE FROM mysql.db WHERE Db = 'test' OR Db = 'test\_%';

-- Ensure root can only connect from localhost
DELETE FROM mysql.user WHERE User = 'root' AND Host NOT IN ('localhost', '127.0.0.1', '::1');

-- Change root password (strong password with complexity)
ALTER USER 'root'@'localhost' IDENTIFIED BY 'N3wStr0ng!RootP@ss';

-- Apply changes
FLUSH PRIVILEGES;

-- Verify remaining users
SELECT User, Host, plugin FROM mysql.user;

Step 6 — Create Databases and Application Users

-- Create an application database
CREATE DATABASE myapp_db
  CHARACTER SET utf8mb4
  COLLATE utf8mb4_unicode_ci;

-- Create a least-privilege application user restricted to that database
CREATE USER 'appuser'@'10.10.5.%' IDENTIFIED BY 'AppUserStr0ng!Pass';
GRANT SELECT, INSERT, UPDATE, DELETE, CREATE TEMPORARY TABLES, EXECUTE
  ON myapp_db.*
  TO 'appuser'@'10.10.5.%';

-- Create a read-only reporting user
CREATE USER 'reportuser'@'192.168.1.%' IDENTIFIED BY 'Rep0rtUser!Pass';
GRANT SELECT ON myapp_db.* TO 'reportuser'@'192.168.1.%';

FLUSH PRIVILEGES;

-- Verify grants
SHOW GRANTS FOR 'appuser'@'10.10.5.%';

Step 7 — Open Windows Firewall for Port 3306

New-NetFirewallRule `
    -DisplayName "MariaDB 3306" `
    -Direction Inbound `
    -Protocol TCP `
    -LocalPort 3306 `
    -Action Allow `
    -Profile Domain,Private

# Optionally restrict to application server subnet
New-NetFirewallRule `
    -DisplayName "MariaDB 3306 AppSubnet" `
    -Direction Inbound `
    -Protocol TCP `
    -LocalPort 3306 `
    -RemoteAddress "10.10.5.0/24" `
    -Action Allow `
    -Profile Domain,Private

Get-NetFirewallRule -DisplayName "MariaDB 3306" | Select-Object DisplayName, Enabled

Step 8 — Connect with HeidiSQL

HeidiSQL is a free, open-source GUI client for MariaDB and MySQL available from https://www.heidisql.com/download.php. Install it on your workstation or the server itself.

  1. Launch HeidiSQL and click New in the Session Manager.
  2. Network type: MariaDB or MySQL (TCP/IP).
  3. Hostname: 127.0.0.1 (or the server’s IP for remote connections).
  4. User: root, Password: your root password, Port: 3306.
  5. Click Open. HeidiSQL displays all databases, tables, and lets you run queries, export data, and manage users visually.

MariaDB vs MySQL — Key Differences

While MariaDB began as a MySQL fork and remains largely compatible at the SQL and protocol level, there are important differences to be aware of:

  • Storage engines: MariaDB adds Aria (crash-safe replacement for MyISAM), ColumnStore (columnar analytics), and Spider (sharding). MySQL has no equivalent.
  • JSON: MariaDB stores JSON as text with JSON functions; MySQL 8+ has a native JSON binary type. MariaDB 10.9+ supports a compatible binary JSON storage.
  • Thread pool: MariaDB includes a high-performance thread pool in the Community edition; MySQL only offers it in Enterprise.
  • Sequence engine: MariaDB provides a SEQUENCE object for generating series without a table.
  • Optimizer: MariaDB uses histogram statistics (from 10.0+) and often makes better plans for complex queries.
  • License: MariaDB is GPL v2 only; MySQL dual-licenses (GPL + commercial). MariaDB’s BSL (Business Source License) applies only to MaxScale, not the server.

Conclusion

You now have a production-hardened MariaDB 11.4 LTS installation on Windows Server 2025, with InnoDB tuned for your hardware, UTF-8 as the default character set, slow query logging enabled, and binary logging active for future replication or point-in-time recovery. Anonymous users have been removed, the test database is gone, and application users are granted only the permissions they need. The next steps are to implement a regular backup strategy using mariabackup (the MariaDB hot backup tool, analogous to Percona XtraBackup) or scheduled mysqldump exports, to evaluate Galera Cluster for multi-master high availability, and to use the Performance Schema and slow query log together with pt-query-digest from Percona Toolkit to identify and optimise the most expensive queries in your workload.