I believe that
wmic RDPermissions where "TerminalName='console'" call AddAccount
"domain\UserName", 2
Should give you what you want.
But they will need to connect to the console session.
mstsc.exe /console
-----Original Message-----
From: [email protected] [mailto:[email protected]] On
Behalf Of Kurt Buff
Sent: Tuesday, December 29, 2015 4:59 PM
To: ntsysadm
Subject: [NTSysADM] Hyper-V questions
All,
We're mostly a VMware environment, so I'm struggling a bit with this
configuration.
We have a Hyper-V (2012 R2) host in our DMZ with its own AD infrastructure.
We're trying to stand up some VMs to which a few of our support staff can log
in, and support some of our customers.
The catch is that they use the VMs to start a VPN client, and many of our
customers turn off split tunneling, which means that merely logging into the VM
with RDP won't cut it, because once a dedicated/non-split tunnel is connected,
the RDP connectiion to the VM fails.
In vSphere, I can assign access permissions to a VM, and the user can only get
console access to that VM, and can't touch, or even see, the other VMs in the
cluster.
Is there any similar facility in Hyper-V? I don't want our support staff to
have access to all of the VMs on the host, nor be able to do any real
management of the host. At most, they should have standard user rights on the
VM, but they need the equivalent of the VMware console access.
Help and pointers much appreciated.
Kurt
