Sunday, October 11, 2009

Role-based authorization model for Hyper-V

azman.msc -> C:\ProgramData\Microsoft\Windows\Hyper-V\InitialStore.xml
- Allow Input to Virtual Machine
- Allow Output from Virtual Machine
- Bind External Ethernet Port
- Change Virtual Machine Authorization Scope
- Change VLAN Configuration on Port
- Connect Virtual Switch Port
- Create Internal Ethernet Port
- Create Virtual Machine
- Create Virtual Switch
- Create Virtual Switch Port
- Delete Internal Ethernet Port
- Delete Virtual Machine
- Delete Virtual Switch
- Delete Virtual Switch Port
- Disconnect Virtual Switch Port
- Modify Internal Ethernet Port
- Modify Switch Port Settings
- Modify Switch Settings
- Pause and Restart Virtual Machine
- Read Service Configuration
- Reconfigure Service
- Reconfigure Virtual Machine
- Start Virtual Machine
- Stop Virtual Machine
- Unbind External Ethernet Port
- View External Ethernet Ports
- View Internal Ethernet Ports
- View LAN Endpoints
- View Switch Ports
- View Switches
- View Virtual Machine Configuration
- View Virtual Switch Management Service
- View VLAN Settings

- Don't forget about file permission also....

- Using group from Authorization Manager itself is more secured -> pull the user from AD and grant access but... file permission....
- Using local group -> if someone got local admin access and add himself to appropriate group that's it

News it R2
- Allow Virtual Machine Snapshot

No comments:

Post a Comment