Kurt, What you may be looking for is the "Virtual Machine Connection" tool
https://technet.microsoft.com/en-us/library/cc742407.aspx http://www.virtuatopia.com/index.php/The_Hyper-V_Virtual_Machine_Connection_Tool Regarding permissions, see the following: https://robertsmit.wordpress.com/2013/07/26/windows-server-2012r2-grant-access-to-hyper-v-vms-hyper-v-ws2012r2-winserv-msftprivatecloud/ You may need to use the VirtualMachineViewer from SCVMM to serve your purposes. Also see: http://blogs.technet.com/b/askds/archive/2014/08/21/hate-to-see-you-go-but-it-s-time-to-move-on-to-greener-pastures-a-farewell-to-authorization-manger-aka-azman.aspx Regards, *ASB **http://XeeMe.com/AndrewBaker* <http://xeeme.com/AndrewBaker> *Providing Virtual CIO Services (IT Operations & Information Security) for the SMB market…* * GPG: *1AF3 EEC3 7C3C E88E B0EF 4319 8F28 A483 A182 EF3A On Tue, Dec 29, 2015 at 7:05 PM, Michael B. Smith <[email protected]> wrote: > That's.... tough. I've never needed to pursue that scenario before, so > ignore what I wrote before. :-) > > If someone has access to the hyper-v console, they are assumed to have > some level of elevated privilege. > > -----Original Message----- > From: [email protected] [mailto: > [email protected]] On Behalf Of Kurt Buff > Sent: Tuesday, December 29, 2015 6:20 PM > To: ntsysadm > Subject: Re: [NTSysADM] Hyper-V questions > > That pretty much sums it up - except that I only want them to be able to > get at certain VMs. > > That is, they should only be able to see the VMs I want them to see, and > be unable to manipulate the host or the unseen VMs - and they shouldn't be > able to change the settings on their VMs either. Just log in at the VM > console, and do normal user activities on that VM. > > Kurt > > On Tue, Dec 29, 2015 at 3:12 PM, Richard Stovall <[email protected]> > wrote: > > You're trying to give them the ability to logon to the VM's console > > using the Hyper-V client, right? In other words, their connection is > > really to the host? Anything RDP directly to the VM will fail one the > > VPN tunnel starts? > > > > On Dec 29, 2015 5:01 PM, "Kurt Buff" <[email protected]> wrote: > >> > >> All, > >> > >> We're mostly a VMware environment, so I'm struggling a bit with this > >> configuration. > >> > >> We have a Hyper-V (2012 R2) host in our DMZ with its own AD > >> infrastructure. > >> > >> We're trying to stand up some VMs to which a few of our support staff > >> can log in, and support some of our customers. > >> > >> The catch is that they use the VMs to start a VPN client, and many of > >> our customers turn off split tunneling, which means that merely > >> logging into the VM with RDP won't cut it, because once a > >> dedicated/non-split tunnel is connected, the RDP connectiion to the > >> VM fails. > >> > >> In vSphere, I can assign access permissions to a VM, and the user can > >> only get console access to that VM, and can't touch, or even see, the > >> other VMs in the cluster. > >> > >> Is there any similar facility in Hyper-V? I don't want our support > >> staff to have access to all of the VMs on the host, nor be able to do > >> any real management of the host. At most, they should have standard > >> user rights on the VM, but they need the equivalent of the VMware > >> console access. > >> > >> Help and pointers much appreciated. > >> > >> Kurt > >> > >> > > > > >
