And yet it's so easy under vSphere. :)

It's beginning to look like I need to spin up SCVMM, and see what I can do with it.

Kurt

On Tue, Dec 29, 2015 at 4:05 PM, Michael B. Smith <[email protected]> wrote:
> That's.... tough. I've never needed to pursue that scenario before, so ignore
> what I wrote before. :-)
>
> If someone has access to the hyper-v console, they are assumed to have some
> level of elevated privilege.
>
> -----Original Message-----
> From: [email protected] [mailto:[email protected]]
> On Behalf Of Kurt Buff
> Sent: Tuesday, December 29, 2015 6:20 PM
> To: ntsysadm
> Subject: Re: [NTSysADM] Hyper-V questions
>
> That pretty much sums it up - except that I only want them to be able to get
> at certain VMs.
>
> That is, they should only be able to see the VMs I want them to see, and be
> unable to manipulate the host or the unseen VMs - and they shouldn't be able
> to change the settings on their VMs either. Just log in at the VM console,
> and do normal user activities on that VM.
>
> Kurt
>
> On Tue, Dec 29, 2015 at 3:12 PM, Richard Stovall <[email protected]> wrote:
>> You're trying to give them the ability to logon to the VM's console
>> using the Hyper-V client, right? In other words, their connection is
>> really to the host? Anything RDP directly to the VM will fail once the
>> VPN tunnel starts?
>>
>> On Dec 29, 2015 5:01 PM, "Kurt Buff" <[email protected]> wrote:
>>>
>>> All,
>>>
>>> We're mostly a VMware environment, so I'm struggling a bit with this
>>> configuration.
>>>
>>> We have a Hyper-V (2012 R2) host in our DMZ with its own AD
>>> infrastructure.
>>>
>>> We're trying to stand up some VMs to which a few of our support staff
>>> can log in, and support some of our customers.
>>>
>>> The catch is that they use the VMs to start a VPN client, and many of
>>> our customers turn off split tunneling, which means that merely
>>> logging into the VM with RDP won't cut it, because once a
>>> dedicated/non-split tunnel is connected, the RDP connection to the
>>> VM fails.
>>>
>>> In vSphere, I can assign access permissions to a VM, and the user can
>>> only get console access to that VM, and can't touch, or even see, the
>>> other VMs in the cluster.
>>>
>>> Is there any similar facility in Hyper-V? I don't want our support
>>> staff to have access to all of the VMs on the host, nor be able to do
>>> any real management of the host. At most, they should have standard
>>> user rights on the VM, but they need the equivalent of the VMware
>>> console access.
>>>
>>> Help and pointers much appreciated.
>>>
>>> Kurt
