Hyper-v User rights assignment

So if your like most admin’s you and have a bunch of Support staff some times its just easier to give them access to hyper-v then to have them wait for the admin to complete a simple task (ex.make a snapshot). The only issue with this is the fact they can do things we don’t want… for instance turn a machine off reboot change settings like nics along w/ creating new machines. So i went looking and apparently there is a way to restrict this so this post goes to show how we can.

Assigning Rights to hyper-v
Open mmc.exe

Click file then add/remote snap-in

Select authorization manager and hit add and ok

Then right click on Open Authorization Store….

Select XML file then hit browse

Goto \\Server_name\c$\ProgramData\Microsoft\Windows\Hyper-V\ and select InitialStore.xml

Then hit ok

Role Assignments
Select the Role we want to assign in this case its Administrator

Right click and click assign User and Groups then select from Windows and Active Directory…

Enter username you want to assign rights to. And hit ok

That user will now have admin rights.

Creating New Role Definitions
(what rights does this group have?)
Expand intialstore.xml -> Hyper-v services ->Definitions ->Role Definitions

Right click Role definitions and click new role Definitions

Then enter a name and click add…

Select Operations tab

Then add what rights you want that role to have by checking the checkbox and hitting ok, ok.

Now that we have a new role definitions created now we need to create role assignments see role assignments Section.

Role Assignments
Right click create new role assignment

Select what role that’s been defined

And hit ok

Now we need to add user into this group see Role Assignments

Leave a Reply

Your email address will not be published. Required fields are marked *