That pretty much sums it up - except that I only want them to be able to get at certain VMs.
That is, they should only be able to see the VMs I want them to see, and be unable to manipulate the host or the unseen VMs - and they shouldn't be able to change the settings on their VMs either. Just log in at the VM console, and do normal user activities on that VM. Kurt On Tue, Dec 29, 2015 at 3:12 PM, Richard Stovall <[email protected]> wrote: > You're trying to give them the ability to logon to the VM's console using > the Hyper-V client, right? In other words, their connection is really to > the host? Anything RDP directly to the VM will fail one the VPN tunnel > starts? > > On Dec 29, 2015 5:01 PM, "Kurt Buff" <[email protected]> wrote: >> >> All, >> >> We're mostly a VMware environment, so I'm struggling a bit with this >> configuration. >> >> We have a Hyper-V (2012 R2) host in our DMZ with its own AD >> infrastructure. >> >> We're trying to stand up some VMs to which a few of our support staff >> can log in, and support some of our customers. >> >> The catch is that they use the VMs to start a VPN client, and many of >> our customers turn off split tunneling, which means that merely >> logging into the VM with RDP won't cut it, because once a >> dedicated/non-split tunnel is connected, the RDP connectiion to the VM >> fails. >> >> In vSphere, I can assign access permissions to a VM, and the user can >> only get console access to that VM, and can't touch, or even see, the >> other VMs in the cluster. >> >> Is there any similar facility in Hyper-V? I don't want our support >> staff to have access to all of the VMs on the host, nor be able to do >> any real management of the host. At most, they should have standard >> user rights on the VM, but they need the equivalent of the VMware >> console access. >> >> Help and pointers much appreciated. >> >> Kurt >> >> >
