August 25, 2009

Q: Does Microsoft provide a mechanism to restrict which administrators can manage a particular Hyper-V virtual machine (VM)? I want to make sure that VM administrators can only manage their VMs and can't touch the parent partition.

A Web Exclusive from Windows IT Pro
Jan De Clercq
Windows Gatekeeper
InstantDoc #102497
Windows IT Pro
Email this Article
Printer Friendly
Reader Comments
Digg This
Del.icio.us
RSS
Subscribe to Windows IT Pro | See More Systems Administration Articles Here | Reprints | Or get the Monthly Online Pass—only $5.95 a month!

A: You can use the Authorization Manager (AzMan) to define specific roles for VM administrators on a Hyper-V server, and to ensure that they have permissions only for their respective VMs.

Microsoft introduced AzMan in Windows Server 2003 to let developers and administrators easily add role-based access control (RBAC) rules to their applications. Unfortunately, few Windows administrators have used AzMan and know how to configure it. For an excellent description of how to set up AzMan for delegating permissions on a Hyper-V server, see this blog.

In this context, it's worth mentioning System Center Virtual Machine Manager (VMM), Microsoft’s enterprise management solution for virtualization servers and VMs. VMM reduces the complexity of configuring and managing AzMan authorization rules. More information about VMM is available on Microsoft's site.

Related Reading:
  • Securing Hyper-V
  • Q. Where can I read the Microsoft Hyper-V Security Guidelines?
  • Running SQL Server on Hyper-V
  • Windows Server 2008 Hyper-V

    • End of Article

    Windows IT Pro Community
    Blogs





    Top Viewed ArticlesView all articles
    WinInfo Short Takes: Week of November 23, 2009

    An often irreverent look at some of the week's other news, including some post-PDC some soul searching, a Google Chrome OS announcement and a Microsoft response, Windows 7 off to a supposedly strong start, the Jonas Brothers and Xbox 360, and so much more ...

    Command Prompt Tricks

    One reader shares his tip for setting up the command prompt to reflect a remote path. ...

    2009 Windows IT Pro Editors' Best and Community Choice Awards

    Picking a favorite product from an impressive crowd of competitive offerings is never an easy task, and such was the case with our Editors' Best and Community Choice awards this year. ...
    Virtualization Whitepapers A Business Case for Backup & Recovery for The Virtualized Environment
    Related Events VirtualizationPro 2010 Summit & Expo

    Deep Dive into VMware vSphere

    RUUP4IT? R2 Takes You Vertical and Virtual

    Check out our list of Free Email Newsletters!
    Windows OSs eBooks Understanding and Leveraging Code Signing Technologies

    A Guide to Windows Certification and Public Keys

    SQL Server Administration for Oracle DBAs
    Related Windows OSs Resources Introducing Left-Brain.com, the online IT bookstore
    Looking for books, CDs, toolkits, eBooks? Prime your mind at Left-Brain.com

    Discover Windows IT Pro eLearning Series!
    Clear & detailed technical information and helpful how-to's, all in our trademark no-nonsense format


    ADS BY GOOGLE

    Job Openings in IT SPONSORED LINKS FEATURED LINKS
    Calculate your savings now
    See how SAN is 57% cheaper than DAS over three years

    Free CDs Offer Fundamental Content for IT Pros
    Are you up to speed on the latest technologies and solutions? Don't miss out on your chance to get up to speed quickly on fundamental, in-depth information on some of the hottest topics in our library of content.

    Let Your Users Reset Their Own Passwords: Free Download
    Try a 30 day free trial of Desktop Authority Password Self-Service – it provides an easy-to-use, robust system for allowing users to reset their own forgotten passwords or locked accounts.


    Exchange Server 2010: Deploying Unified Communications - Virtual conference
    December 1, 2009 - Free Registration. Build your Unified Communications future on a strong Exchange Server 2010 foundation.

    Get Windows IT Pro & Mark Minasi’s Favorite Power Tools Guide
    Order Windows IT Pro now and get "More of Mark Minasi's Favorite Power Tools"--a in-depth guide to the most useful Windows commands --FREE with your paid order! Subscribe today, and save 58% off the cover price!

    Migration, Virtualization, Availability, and Desktop Management
    Realize the importance of a workload optimization strategy...it can affect your bottom line!

    Deep Dive into VMware vSphere, eLearning Series
    Join John Savill to explore the major functionality capabilities of the vSphere virtualization platform, including identification of the changes from ESX 3.5.
    Windows IT Pro Home Register FAQ for Windows WinInfo News
    Europe Edition About Us Contact Us/Customer Service Media Kit Affiliates / Licensing  
    SQL Server Magazine Office & SharePoint Pro DevProConnections asp.netPRO ITTV
    IT Library Technology Resource Directory Connected Home Windows SuperSite
     
     Windows IT Pro is a Division of Penton Media Inc.
     © 2009 Penton Media, Inc.     Terms of Use | Privacy Statement | Reprints and Licensing