We help IT Professionals succeed at work.

Hyper-V Server: add "read only" users for Hyper-V Manager

2,752 Views
Last Modified: 2013-11-06
We have over a dozen Hyper-V 2008 R2 Servers (standalone, not Server Core or OS role) in our organization.  Love it!  Great stuff.

That said, the management of Hyper-V Server leaves a bit to be desired at times.  To be specific, how can I create "read only" users that can user Hyper-V Manager to connect to our corp Hyper-V Servers, but only to see which virtual instances are running?  In other words, user JSmith might have full-control over HVcorp1 server (local admin on that server), but only read-access to the HVcorp4 server.  Is this possible?  Can they simply be assigned to a local group on the HVcorp4 server -- such as the "users" group?

I found this Technet article which explains some of this functionality, but the process seems unnecessarily laborious.  

http://social.technet.microsoft.com/wiki/contents/articles/hyper-v-delegate-access-control-and-management.aspx

Isn't there a better way??  If so, how?

Thanks,

Chumplet
Comment
Watch Question

This one is on us!
(Get your first solution completely free - no credit card required)
UNLOCK SOLUTION

Author

Commented:
Very interesting.

Honestly, I'm somewhat ashamed to say that for all of our Hyper-V Server use around here, we don't actually use SCVMM at all.  We do, however, have access to that product by nature of our MSDN Subscription.

Can you help me understand how SCVMM is rolled out?  Would I install it onto a stand-alone box that users would connect to?  Should the self-service portal be installed on a separate box, or on the same?

Thanks.
I would say for deployment it all depends on how critical an application it becomes. I recommend you use a separate physical machine for SCVMM instead of making it a guest VM. The deployment is very straight forward and wizard driven, so if you had a total hardware failure on that box, the most you would lose is any custom deployment images you may have built, and if you are backing those up to tape, you have a simple recovery model. The SCVMM default is to install to local disk with sql express, and then you tell it where your Hyper-V or even Vmware clusters, or stand alone servers are located, and it automatically begins to manage them, so you have full control of VM's and their deployments. the library takes a little getting used to for storing golden image builds, but works well. I would definitely recommend you install the SCVMM SP1 media so you have full dynamic memory support. You can install the Self Service Portal on either the same box or a separate one, its very lightweight.
the self service portal application is on the SCVMM SP1 media for install, but the app and the documentation is here: http://www.microsoft.com/downloads/en/details.aspx?FamilyID=fef38539-ae5a-462b-b1c9-9a02238bb8a7&displaylang=en 
Philip ElderTechnical Architect - HA/Compute/Storage
CERTIFIED EXPERT

Commented:
The article you point to is what we would do.

AzMan is your best friend when it come to getting granular with access permissions.

We manage multiple Hyper-V standalone and clustered servers using native tools. You are not alone. :)

Philip

Author

Commented:
Wow!  Just got through getting SCVMM R2 installed, and what a product it is!  Just insanely powerful and full-featured, especially compared to the standard Hyper-V Manager console, which is lacking in many ways.

Anyhow, I do have the Self-Service Portal installed and working, but there is a lot for me to figure out there.  Looks like a great direction, though.

Thank you for your help :)

Chumplet
Unlock the solution to this question.
Join our community and discover your potential

Experts Exchange is the only place where you can interact directly with leading experts in the technology field. Become a member today and access the collective knowledge of thousands of technology experts.

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

OR

Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.