More things to try. Very nice. Thanks for this.
Kurt

On Tue, Dec 29, 2015 at 4:24 PM, Andrew S. Baker <[email protected]> wrote:
> Kurt,
>
> What you may be looking for is the "Virtual Machine Connection" tool
>
> https://technet.microsoft.com/en-us/library/cc742407.aspx
>
> http://www.virtuatopia.com/index.php/The_Hyper-V_Virtual_Machine_Connection_Tool
>
> Regarding permissions, see the following:
>
> https://robertsmit.wordpress.com/2013/07/26/windows-server-2012r2-grant-access-to-hyper-v-vms-hyper-v-ws2012r2-winserv-msftprivatecloud/
>
> You may need to use the VirtualMachineViewer from SCVMM to serve your
> purposes.
>
> Also see:
> http://blogs.technet.com/b/askds/archive/2014/08/21/hate-to-see-you-go-but-it-s-time-to-move-on-to-greener-pastures-a-farewell-to-authorization-manger-aka-azman.aspx
>
> Regards,
>
> *ASB **http://XeeMe.com/AndrewBaker* <http://xeeme.com/AndrewBaker>
> *Providing Virtual CIO Services (IT Operations & Information Security) for
> the SMB market…*
>
> * GPG: *1AF3 EEC3 7C3C E88E B0EF 4319 8F28 A483 A182 EF3A
>
> On Tue, Dec 29, 2015 at 7:05 PM, Michael B. Smith <[email protected]>
> wrote:
>
>> That's.... tough. I've never needed to pursue that scenario before, so
>> ignore what I wrote before. :-)
>>
>> If someone has access to the hyper-v console, they are assumed to have
>> some level of elevated privilege.
>>
>> -----Original Message-----
>> From: [email protected] [mailto:
>> [email protected]] On Behalf Of Kurt Buff
>> Sent: Tuesday, December 29, 2015 6:20 PM
>> To: ntsysadm
>> Subject: Re: [NTSysADM] Hyper-V questions
>>
>> That pretty much sums it up - except that I only want them to be able to
>> get at certain VMs.
>>
>> That is, they should only be able to see the VMs I want them to see, and
>> be unable to manipulate the host or the unseen VMs - and they shouldn't be
>> able to change the settings on their VMs either. Just log in at the VM
>> console, and do normal user activities on that VM.
>>
>> Kurt
>>
>> On Tue, Dec 29, 2015 at 3:12 PM, Richard Stovall <[email protected]>
>> wrote:
>> > You're trying to give them the ability to logon to the VM's console
>> > using the Hyper-V client, right? In other words, their connection is
>> > really to the host? Anything RDP directly to the VM will fail once the
>> > VPN tunnel starts?
>> >
>> > On Dec 29, 2015 5:01 PM, "Kurt Buff" <[email protected]> wrote:
>> >>
>> >> All,
>> >>
>> >> We're mostly a VMware environment, so I'm struggling a bit with this
>> >> configuration.
>> >>
>> >> We have a Hyper-V (2012 R2) host in our DMZ with its own AD
>> >> infrastructure.
>> >>
>> >> We're trying to stand up some VMs to which a few of our support staff
>> >> can log in, and support some of our customers.
>> >>
>> >> The catch is that they use the VMs to start a VPN client, and many of
>> >> our customers turn off split tunneling, which means that merely
>> >> logging into the VM with RDP won't cut it, because once a
>> >> dedicated/non-split tunnel is connected, the RDP connection to the
>> >> VM fails.
>> >>
>> >> In vSphere, I can assign access permissions to a VM, and the user can
>> >> only get console access to that VM, and can't touch, or even see, the
>> >> other VMs in the cluster.
>> >>
>> >> Is there any similar facility in Hyper-V? I don't want our support
>> >> staff to have access to all of the VMs on the host, nor be able to do
>> >> any real management of the host. At most, they should have standard
>> >> user rights on the VM, but they need the equivalent of the VMware
>> >> console access.
>> >>
>> >> Help and pointers much appreciated.
>> >>
>> >> Kurt
