Huh. That's not something I've run across - definitely have to try that. Kurt
On Tue, Dec 29, 2015 at 2:43 PM, Michael B. Smith <[email protected]> wrote: > I believe that > > wmic RDPermissions where "TerminalName='console'" call AddAccount > "domain\UserName", 2 > > Should give you what you want. > > But they will need to connect to the console session. > > mstsc.exe /console > > -----Original Message----- > From: [email protected] [mailto:[email protected]] > On Behalf Of Kurt Buff > Sent: Tuesday, December 29, 2015 4:59 PM > To: ntsysadm > Subject: [NTSysADM] Hyper-V questions > > All, > > We're mostly a VMware environment, so I'm struggling a bit with this > configuration. > > We have a Hyper-V (2012 R2) host in our DMZ with its own AD infrastructure. > > We're trying to stand up some VMs to which a few of our support staff can log > in, and support some of our customers. > > The catch is that they use the VMs to start a VPN client, and many of our > customers turn off split tunneling, which means that merely logging into the > VM with RDP won't cut it, because once a dedicated/non-split tunnel is > connected, the RDP connectiion to the VM fails. > > In vSphere, I can assign access permissions to a VM, and the user can only > get console access to that VM, and can't touch, or even see, the other VMs in > the cluster. > > Is there any similar facility in Hyper-V? I don't want our support staff to > have access to all of the VMs on the host, nor be able to do any real > management of the host. At most, they should have standard user rights on the > VM, but they need the equivalent of the VMware console access. > > Help and pointers much appreciated. > > Kurt > >
