Hyper v manager and domain users

Hello,

I am trying to allow domain users the ability to manage VMs from Hyper v manager without giving them access to log on to the hyper v host remotely. I thought this is what the hyper-v administrators group was , but it doesnt work unless the users are added to the local admin's group on the hyper-v host which also gives them the ability to remote in

How can I accomplish this??
Thanks in advance
Curtis BookerAsked:
Who is Participating?

[Webinar] Streamline your web hosting managementRegister Today

x
 
McKnifeConnect With a Mentor Commented:
Not really. Using azman.msc, you can give users permission per server, not per guest. Unless you want per server, you will need to buy a management suites for hyper-v.

What you could do as a workaround (I don't know if you are the flexible type), is use event triggered tasks. To give you an idea: imagine your user would like to take a snapshot of guest System X, then we could setup a share that is writable for user X and whenever he creates  a file inside that share, a snapshot would be triggered on file creation. The same is possible for any hyper-v command that one can imagine. All commands are powershell based.
0
 
Adam BrownConnect With a Mentor Sr Solutions ArchitectCommented:
Hyper-V has its own discreet permission system that is managed with the Authorization Manager (AZMAN) tool: https://technet.microsoft.com/en-us/library/dd283030(v=ws.10).aspx
0
 
Curtis BookerAuthor Commented:
Is azman.msc run on the hyper-v host or a Domain Contoller or does it matter??
0
The new generation of project management tools

With monday.com’s project management tool, you can see what everyone on your team is working in a single glance. Its intuitive dashboards are customizable, so you can create systems that work for you.

 
Adam BrownSr Solutions ArchitectCommented:
It's run on the Hyper-V host.
0
 
Curtis BookerAuthor Commented:
Yeah that's what I thought. But once I remove the user from the hyper-v local admins group he can't use hyper-v manager to access vms. I want to have him access vms without him being in local admins
0
 
Curtis BookerAuthor Commented:
Yeah that's what I thought. But once I remove the user from the hyper-v local admins group he can't use hyper-v manager to access vms. I want to have him access vms without him being in local admins

Is there a way to do this?
0
 
Adam BrownConnect With a Mentor Sr Solutions ArchitectCommented:
Yes, you have to grant the permission to manage VMs in AZMan to either the user or the group that you want to be able to manage VMs remotely. Local Admins is granted VM Management rights by default, but the only way to grant that right to other users (aside from using VMM manager or other tools, which basically just make modifications to the AzMan data) is through AZMan. No other groups on the server have VM management rights by default, which is why you have to grant permissions.

If you don't want users to access the VM Host directly, you have to go into AZMAN.msc and grant the users or groups permission to manage the VMs. Once you do that, they'll be able to use any Hyper-V manager console to manage the VMs.

Now, AZMan *was* deprecated in 2012, so if you're on 2012 (No mention of OS Version here) you should be able to just manage admins with the Hyper-V Admins group on the host, *but* you will also need to make sure that the users are granted the necessary rights to access the server over the network. Run RSOP.MSC on the server and check the user rights assignment settings, particularly the Access This Computer from the Network right. If your user isn't part of a group listed there, they won't be able to manage Hyper-V remotely.
0
 
Curtis BookerAuthor Commented:
Adam & McKnife --I think that's what I been missing is giving users the right to access over network. I'll try that tomorrow when I get in.
 Oh & I'm using Windows Server 2012 R2 & Windows 10 Clients --

Thanks again
0
All Courses

From novice to tech pro — start learning today.