none
Lock down Hyper-V on Windows 10 desktop

    Question

  • I'm interested in understanding if there's a way to lock down Hyper-V on a Windows 10 desktop platform. Especially, I want to know if there is a way to restrict access to the Hyper-V interface to just domain administrators, so that "normal" local administrators of the system cannot change Hyper-V configuration. Also, is there a way to lock down the Hyper-V configuration completely, so that only someone with a lockdown code, maybe some password or whatever, can unlock the configuration again. Basically I want to find a way to prevent a local administrator to modify Hyper-V settings. Is there a feasible way to do this? Many thanks for your thoughts.
    Thursday, September 13, 2018 1:53 PM

All replies

  • Hello Hyper-V Researcher,

    What you are looking for can be achieved using the Authorization Manager.

    Please take a look at the following link so you can understand more about how to give and restrict access to users and groups: http://itprocentral.com/how-to-delegate-access-in-hyper-v/

    Please remember to mark this answer if I was able to help you!


    Thursday, September 13, 2018 3:44 PM
  • Hi,

    Unfortunately AzMan has been deprecated as of Windows Server 2012 R2 and may be removed in subsequent versions, you may still find it in newer versions of Windows but it won't work.


    Your idea is interesting, though as for restricting / "locking down" Hyper-V, it seem to be very difficult, as far as I know this cannot be achieved either Hyper-V Manager or GPO.

    One way to have more control over Hyper-V would be to use System Center Virtual Machine Manager (SCVMM).

    Best regards,
    Leon


    Blog: https://thesystemcenterblog.com LinkedIn:

    Thursday, September 13, 2018 6:42 PM
  • Hi,

    >I want to know if there is a way to restrict access to the Hyper-V interface to just domain administrators, so that "normal" local administrators of the system cannot change Hyper-V configuration.

    We are unable to disable local administrator account to manager Hyper V configurations.

    > Is there a way to lock down the Hyper-V configuration completely, so that only someone with a lockdown code, maybe some password or whatever, can unlock the configuration again.

    Users in Hyper V administrators group and users in local administrator, domain administrator group have rights to manage Hyper V. There’s no build-in settings to realize your requirements.

    Thanks for your time! If you have any concerns or questions, please feel free to let me know.

    Best Regards,

    Frank


    Please remember to mark the replies as an answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com


    Friday, September 14, 2018 8:34 AM
    Moderator
  • Hi,
    Just checking in to see if the information provided was helpful. Please let us know if you would like further assistance.

    Best Regards,

    Frank

    Please remember to mark the replies as an answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    Monday, September 17, 2018 8:14 AM
    Moderator
  • Hi,

    Was your issue resolved? 

    If you resolved it using our solution, please "mark it as answer" to help other community members find the helpful reply quickly.
    If you resolve it using your own solution, please share your experience and solution here. It will be very beneficial for other community members who have similar questions.
    If no, please reply and tell us the current situation in order to provide further help.


    Best Regards,
    Frank

    Please remember to mark the replies as an answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    Thursday, September 20, 2018 2:56 AM
    Moderator