In medium/large organization with IT Department and not alone IT every IT has specific responsibilities and specific access in different areas.
Since Windows Server 2012 has create a new Group in Active Directory as HYPER-V Administrators sometimes maybe requested different level access in HYPER-V Management Console from different Administrators.
Today i will explain how can give specific access in HYPER-V Management Console for specific Administrators.
So let's start
- Open the Start Menu and type Azman.msc
- Right Click in Authorization manager and select Open Authorization Store
- Click Browse and go in C:\ProgramData\Microsoft\Windows\Hyper-V and select the InitialStore.xml. Click OK
- Expand HYPER-V Services - - > Definitions.Right Click in Role Definition and select New Role Definition.
- Type a Name. I type Basic Access for these scenario. Click OK
- Now you can see the new Role in the right side.
- Right clikck in Task Definitions and select New Task Definition.
- Type the name. I type Basic. Click OK.
- You can see the new Task Definition in the right side.
- To add Definitions into Task double click in Basic Definition and select Tab Definitions.
- Click Add button and select Tab Operations.
- Select the Operations that you want to allow for the specific Definition. I will check only Start Virtual Machine. Click OK and OK.
- Now i must add the Task Definition into Role Definition.
- Click in Role Definitions. Double click in Basic Access. Select Tab Definitions.
- Click Add Button. Select Tab Tasks, check the Basic Task. It's the Task that create before. Clicl OK and OK.
- Now we must assign a Role in the appropriate User or Group.
- So Right click in Role Assignments and select New Role Assignment.
- Check the Role Definition that you want to add and click OK. I check Basic Access.
- Right click in Basic Access and select Assign Users and Groups, select From Windows and Active Directory.
- In the Select Users and Groups type the user or Group that you want to has the specific access and click OK.
- I recommend to use Security Groups because if in the future need another user the same access then the only that you have do is to add in the specific Security Group.
- So i have create a new Security Group Hyper-v Basic Access. and add the user that you want to has the specific access. For the scenario add the user1.
- After that login with the user that have select to be a memeber in the specific Group and check the permissions.
This feature it's very helpfull in big IT Departments that has multiple System Addministrators or in IT Departments with at least 2 IT and you don't want to give full access in HYPER-V for the System Administrator.
Do you know this feature? Write your feedback, experience or comment and share it with other IT Pro in our commented system.
Have a nice weekend !!!