You're very welcome...

ASB
http://XeeMe.com/AndrewBaker
Providing Virtual CIO Services (IT Operations & Information Security) for the SMB market…
GPG: 1AF3 EEC3 7C3C E88E B0EF 4319 8F28 A483 A182 EF3A

On Tue, Dec 29, 2015 at 7:28 PM, Kurt Buff <[email protected]> wrote:

> More things to try. Very nice.
>
> Thanks for this.
>
> Kurt
>
> On Tue, Dec 29, 2015 at 4:24 PM, Andrew S. Baker <[email protected]>
> wrote:
>
>> Kurt,
>>
>> What you may be looking for is the "Virtual Machine Connection" tool
>>
>> https://technet.microsoft.com/en-us/library/cc742407.aspx
>>
>> http://www.virtuatopia.com/index.php/The_Hyper-V_Virtual_Machine_Connection_Tool
>>
>> Regarding permissions, see the following:
>>
>> https://robertsmit.wordpress.com/2013/07/26/windows-server-2012r2-grant-access-to-hyper-v-vms-hyper-v-ws2012r2-winserv-msftprivatecloud/
>>
>> You may need to use the VirtualMachineViewer from SCVMM to serve your
>> purposes.
>>
>> Also see:
>> http://blogs.technet.com/b/askds/archive/2014/08/21/hate-to-see-you-go-but-it-s-time-to-move-on-to-greener-pastures-a-farewell-to-authorization-manger-aka-azman.aspx
>>
>> Regards,
>>
>> On Tue, Dec 29, 2015 at 7:05 PM, Michael B. Smith <[email protected]>
>> wrote:
>>
>>> That's.... tough. I've never needed to pursue that scenario before, so
>>> ignore what I wrote before. :-)
>>>
>>> If someone has access to the hyper-v console, they are assumed to have
>>> some level of elevated privilege.
>>>
>>> -----Original Message-----
>>> From: [email protected] [mailto:[email protected]] On Behalf Of Kurt Buff
>>> Sent: Tuesday, December 29, 2015 6:20 PM
>>> To: ntsysadm
>>> Subject: Re: [NTSysADM] Hyper-V questions
>>>
>>> That pretty much sums it up - except that I only want them to be able to
>>> get at certain VMs.
>>>
>>> That is, they should only be able to see the VMs I want them to see, and
>>> be unable to manipulate the host or the unseen VMs - and they shouldn't be
>>> able to change the settings on their VMs either. Just log in at the VM
>>> console, and do normal user activities on that VM.
>>>
>>> Kurt
>>>
>>> On Tue, Dec 29, 2015 at 3:12 PM, Richard Stovall <[email protected]>
>>> wrote:
>>> > You're trying to give them the ability to logon to the VM's console
>>> > using the Hyper-V client, right? In other words, their connection is
>>> > really to the host? Anything RDP directly to the VM will fail once the
>>> > VPN tunnel starts?
>>> >
>>> > On Dec 29, 2015 5:01 PM, "Kurt Buff" <[email protected]> wrote:
>>> >>
>>> >> All,
>>> >>
>>> >> We're mostly a VMware environment, so I'm struggling a bit with this
>>> >> configuration.
>>> >>
>>> >> We have a Hyper-V (2012 R2) host in our DMZ with its own AD
>>> >> infrastructure.
>>> >>
>>> >> We're trying to stand up some VMs to which a few of our support staff
>>> >> can log in, and support some of our customers.
>>> >>
>>> >> The catch is that they use the VMs to start a VPN client, and many of
>>> >> our customers turn off split tunneling, which means that merely
>>> >> logging into the VM with RDP won't cut it, because once a
>>> >> dedicated/non-split tunnel is connected, the RDP connection to the
>>> >> VM fails.
>>> >>
>>> >> In vSphere, I can assign access permissions to a VM, and the user can
>>> >> only get console access to that VM, and can't touch, or even see, the
>>> >> other VMs in the cluster.
>>> >>
>>> >> Is there any similar facility in Hyper-V? I don't want our support
>>> >> staff to have access to all of the VMs on the host, nor be able to do
>>> >> any real management of the host. At most, they should have standard
>>> >> user rights on the VM, but they need the equivalent of the VMware
>>> >> console access.
>>> >>
>>> >> Help and pointers much appreciated.
>>> >>
>>> >> Kurt
