Search This Blog

Friday, September 11, 2009

Remote management and manage security permission in Hyper V

As Microsoft has released a new RSAT for Windows 7, now you can start to use it to remotely manage Hyper V. Before you can connect to Hyper V host, you need to enable firewall exception WMI (Windows Management Instrumentation). Go to control panel > Windows Firewall and click on exception tab. Tick WMI.


That should do the trick. Now you can manage your Hyper V without remote desktop to the host server. Enjoy !





If still cannot access, you need to configure

On the client computer
1. Click Start, Run, type DCOMCNFG. Click OK.

2. Expand Component Services, expand Computers. Right-click on My Computer and click on Properties.

3. Click on COM Security.

4. In the Access Permission area, click Edit Limits.

5. Select ANONYMOUS LOGON in the Group or User Name area. Then set the Permissions for ANONYMOUS LOGON to Allow for Remote Access.
 


On the Hyper V server:-

1. Go to Computer management and create an account similar as your client computer. (must assign same username and password)

2. Open Component Services by typing “dcomcnfg” in the box on the start menu, and expand the menu so that “My Computer” is selected under Component Services\Computers.

3.Right-Click on My Computer, select Properties and select the “COM Security” tab.

In the above dialog, click Edit Limits in the “Launch and Activation Permissions” area.

Click “Add…” and enter the users (or groups including “Authenticated Users” as appropriate) .eg: laiys

In the Allow column, select Remote Launch and Remote Activation, then click OK.























This step grants appropriate WMI permissions to the user(s) who are remotely connecting. You need grant access to two namespaces.

Open Computer Management under Start/Administrative Tools, expanding the tree down through Services and Applications\WMI Control. Select WMI Control

Right-click on WMI Control and select properties. Then switch to the Security tab. Select the Root\CIMV2 namespace node.

IMPORTANT: You need to set the security twice. Once for the Root\CIMV2 namespace, and then again for the Root\virtualization namespace.

Click the Security button.

Now select the user and click the Advanced button below the “Permissions for

Again, make sure the user/group is selected and click Edit

You need to make three changes here:

In the “Apply to:” drop-down, select “This namespace and subnamespaces”

In the Allow column, select Remote Enable

Check “Apply these permissions to objects and/or containers within this container only”

The screen should look like below. If so, click OK through the open dialogs.






















Repeat for the Root\virtualization namespace

Click OK as appropriate to confirm all open dialogs and close Computer Management.

Next, let configures the Authorization Manager (AZMan) policy for the server running the Hyper-V role.

1. Open Authorization Manager by typing “azman.msc” in the box on the start menu.

2. Right-click on the Authorization Manager and choose Open Authorization Store from the context menu.
 
3.Make sure the “XML file” radio button is selected, and browse to the \ProgramData\Microsoft\Windows\Hyper-V directory on the system drive and select InitialStore.xml, then click OK.
 
4. Expand the tree down through InitialStore.xml\Hyper-V services\Role Assignments\Administrator, and select Administrator.

5.In the area on the right, right-click and select “Assign Users and Groups” then “From Windows and Active Directory…”.
 
6. Add the appropriate users or groups (here you can see the “laiys” account)

Close the Authorization Manager MMC.

IMPORTANT. You must now reboot your server for the above changes to take effect.

2 comments:

  1. A pesar de que los bolsos MK son lo que he acuñado como "lujo asequible", una persona con los presupuestos más ajustados puede tener dificultades para comprar una bolsa por cien dólares o más.(Bolsos Michael Kors Rebajas) MK tiene bolsos que van de pequeño, mediano a grande. y varían en precios.(Bolsos Michael Kors Baratos) Los bolsos más pequeños ni siquiera son bolsos ... se llaman muñequeras.(bolsas michael kors precios) O, los uso para billeteras para ciertos bolsos.(Bolsos Michael Kors Outlet) Es mucho más barato hacerlo de esa manera que tratar de tener. una billetera para cada bolso MK que poseas.(bolsos michael kors rebajas)
    Om du planerar att äga en MK handväska och inte vill betala mycket över hundra dollar, är det bästa alternativet att vara den mindre väskan.(Michael Kors Plånbok)Om du är seriös om att hitta MK handväskor för mindre än du bättre tittar på någon annanstans.(MK Väska) Hemligheten att hitta MK handväskor till rabatterat pris är att handla online på en webbshop som säljer autentiska MK handväskor.(Väskor Michael Kors Rea) Du kan hitta bra handväskor till priser som du bara önskat att du kunde betala.(michael kors väska rea) Alla sökningar har gjorts för dig. Jag sparar inte bara pengar, utan också tid.(michael kors väska rea)
    Les sacs à main Longchamp sont à la mode et très pratiques.(Longchamp Soldes Destockage) Étant donné que beaucoup de femmes se retrouvent souvent submergées de choses à emporter chaque jour.(Sac A Main Longchamp) Longchamp a relevé le défi en créant des sacs à main qui sont aussi des fourre-tout polyvalents.(Sac Longchamp Pliage)Les sacs à main Longchamp sont des produits de qualité portant un nom réputé.(longchamp soldes) Les sacs à main Longchamp sont grands et spacieux, mais restent très à la mode et très demandés.(pronote college longchamp)

    ReplyDelete