Oturum Aç
 
Ana SayfaKütüphaneEğitimIndirinSorun GidermeForumlar
BT Uzmanları için Kaynaklar >
assign users view VMs through Azman

Yanıt assign users view VMs through Azman

  • 03 Şubat 2009 Salı 20:58
     
     
    Oylamak İçin Oturum Aç
    0
     Hi all,

    Sorry that I have to start the new thread.

    Is there a way to assign the domain regular users through Azman to only connect to hyper-V host and view VMs on their Vista's hyper-v manager? (they can not create/delete/modify VMs).

    Thank you!
     

Tüm Yanıtlar

  • 05 Şubat 2009 Perşembe 06:59
    Moderatör
     
     Yanıt
    Oylamak İçin Oturum Aç
    0
    Hi,

    Yes, you can use azman to assign the specific permission to the domain regular users.

    I found the following article related to azman on Hyper-V, hope it helps:

    Configure Hyper-V for Role-based Access Control
    http://technet.microsoft.com/en-us/library/dd283076.aspx

    Delegation Model in Hyper-V – Part 1
    http://dungkhoang.spaces.live.com/blog/cns!31A50D02D661C816!269.entry?_c=BlogPart

    Delegation Model in Hyper-V – Part 2
    http://dungkhoang.spaces.live.com/blog/cns!31A50D02D661C816!274.entry?_c=BlogPart

    Delegation Model in Hyper-V – Part 3
    http://dungkhoang.spaces.live.com/blog/cns!31A50D02D661C816!282.entry?_c=BlogPart

    Delegation Model in Hyper-V – Part 4
    http://dungkhoang.spaces.live.com/blog/cns!31A50D02D661C816!296.entry?_c=BlogPart

    Delegation Model in Hyper-V – Part 5
    http://dungkhoang.spaces.live.com/blog/cns!31A50D02D661C816!304.entry?_c=BlogPart

    Delegation Model in Hyper-V – Part 6
    http://dungkhoang.spaces.live.com/blog/cns!31A50D02D661C816!305.entry?_c=BlogPart

    Best regards,
    Vincent Hu

     
  • 30 Mayıs 2012 Çarşamba 15:07
     
     
    Oylamak İçin Oturum Aç
    0

    Hi. I have 2008 R2 server. I was read first link.

    1) added new Role Definition with operations: Read Services Configuration, View Virtual Switch Mamagement Service
    2) added this role in Role Assignments and assign my user.
    3) create new scope, add VM in this scope (via VBS scripts)
    4) added new Role Definition (in new scope) with operations: Allow Input\Output to\from VM, Allow VM Snapshot, Pause and Restart VM, Reconfigure VM, Start Vm, Stop VM
    5) added this role in Role Assignments and assign my user.
    6) restart 3 Hyper-V services.

    In Pc my user i installed RSAT Hyper-V. When user trying connect to Hyper-V server he have error:
    You do not have the required permission to complete this task. Contact the administrator of the authorization policy for the computer "SERVER".
    What wrong?

    VBS scripts: For get scope information for VM 

    Option Explicit 
    Dim WMIService
    Dim VM
    Dim VMManagementService
    Dim VMSystemGlobalSettingData
    Dim VMName
    Dim NewVMName
    Dim Result 'Setup variables for the VM we are looking for, and the new name

    VMName = Wscript.Arguments(0)

    'Get an instance of the WMI Service in the virtualization namespace.
    Set WMIService = GetObject("winmgmts:\\.\root\virtualization") 
    'Get a VMManagementService object
    Set VMManagementService = WMIService.ExecQuery("SELECT * FROM Msvm_VirtualSystemManagementService").ItemIndex(0) 
    'Get the VM object that we want to modify
    Set VM = (WMIService.ExecQuery("SELECT * FROM Msvm_ComputerSystem WHERE ElementName='" & VMName & "'")).ItemIndex(0) 

    'Get the VirtualSystemGlobalSettingData of the VM we want to modify
    Set VMSystemGlobalSettingData = (VM.Associators_("MSVM_ElementSettingData", "MSVM_VirtualSystemGlobalSettingData")).ItemIndex(0)  

    'Print the scope property
    Wscript.Echo VMSystemGlobalSettingData.ScopeOfResidence

    For set scope for VM

    Option Explicit 
    Dim WMIService
    Dim VM
    Dim VMManagementService
    Dim VMSystemGlobalSettingData
    Dim VMName
    Dim NewVMName
    Dim Result 'Setup variables for the VM we are looking for, and the new name

    VMName = Wscript.Arguments(0)

    'Get an instance of the WMI Service in the virtualization namespace.
    Set WMIService = GetObject("winmgmts:\\.\root\virtualization") 
    'Get a VMManagementService object
    Set VMManagementService = WMIService.ExecQuery("SELECT * FROM Msvm_VirtualSystemManagementService").ItemIndex(0) 
    'Get the VM object that we want to modify
    Set VM = (WMIService.ExecQuery("SELECT * FROM Msvm_ComputerSystem WHERE ElementName='" & VMName & "'")).ItemIndex(0) 

    'Get the VirtualSystemGlobalSettingData of the VM we want to modify
    Set VMSystemGlobalSettingData = (VM.Associators_("MSVM_ElementSettingData", "MSVM_VirtualSystemGlobalSettingData")).ItemIndex(0)  

    VMSystemGlobalSettingData.ScopeOfResidence=Wscript.Arguments(1)

    Wscript.Echo(VM.Path_.Path)
    WScript.Echo(VMSystemGlobalSettingData.GetText_(1))

    'Update the VM with ModifyVirtualSystem
    Result = VMManagementService.ModifyVirtualSystem(VM.Path_.Path, VMSystemGlobalSettingData.GetText_(1))
    'WScript.Echo(Result)

    and Delegation Model in Hyper-V – Part 1-6 - this link not available now :(

    Thank you!



    • Düzenleyen Anahaym 30 Mayıs 2012 Çarşamba 15:11
    • Düzenleyen Anahaym 30 Mayıs 2012 Çarşamba 15:12
    • Düzenleyen Anahaym 30 Mayıs 2012 Çarşamba 15:12
    •  
     
  • 31 Mayıs 2012 Perşembe 18:40
     
     
    Oylamak İçin Oturum Aç
    0

    Hi,

    I don't have an answer to your problem but wanted to point out that Microsoft will not be supporting this general approach of using AzMan to control access to VMs in Windows 8/2012 server.

    Martin