Simple installation of MongoDB on Windows with security/authorization

If you want a simple installation of MongoDB on your Windows server but still want to make it secure so that you are not open to outside connections without a username and password you have come to the right place. In this post, I will step through how to set up your database to run as a service with authorization. For setting up replica sets and so on you can read this post.

MongoDb is running without authorization by default and even though you set a password to your database for login, you server will still be open for attack.

Back in January 2017 there was a huge global attack on MongoDB servers where they deleted all your databases and demanded Bitcoins to restore.


I will show you 2 simple steps on how to make sure you are save from that kind of attack.

First of all, let’s get the MongoDB server run as a service first, and then add authorization afterword.

1.  Download your MongoDB as a zip file from here, I will pick the version “win32/”

2.  Create a folder on your C drive “c:\mongodb-3.2” and add the bin folder from the zip file you downloaded.

3.  Create the folders data and log in your folder.

4.  Create a file “mongod.cfg” in your folder and add this:

 destination: file
 path: c:\mongodb-3.2\log\mongod.log
 dbPath: c:\mongodb-3.2\data
 port: 27017

5.  Create the service from cmd promt: sc.exe create MongoDB binPath= “\”C:\mongodb-3.2\bin\mongod.exe\” –service –config=\”C:\mongodb-3.2\mongod.cfg\”” DisplayName= “MongoDB” start= “auto”

6.  Start the service from cmd promt: “net start MongoDB”

7.  You can check if MongoDB is running by trying to connect to the shell from cmd promt type: “c:\mongodb-3.2\bin\mongo.exe”


If you don’t have any tools for administrating MongoDB I recommend using this free tool: Robomongo

To enable authorization, you simply have to:

1. Create a user

use admin
     user: "admin",
     pwd: "password",
         { role: "root", db: "admin" }

2. Enable authorization in your config file

    destination: file
    path: c:\mongodb-3.2\data\mongod.log
    dbPath: c:\mongodb-3.2\data
   port: 27017
    authorization: enabled
   enableLocalhostAuthBypass: false

Then restart your MongoDB service and you are secure.

Thanks for reading