Delegate Virtual Machine Management in Hyper-V

Delegate Virtual Machine Management in Hyper-V

The most simple and effective method of enabling others to manage Hyper-V and virtual machines is to add them to the Hyper-V Administrators local security group for each of the Hyper-V hosts to which you plan to delegate management. However, this might not be the most secure method because doing so gives the new administrators permissions to change virtual switch and host settings in addition to VMs.

To delegate access to individual VMs, you need to modify the Hyper-V Authorization Manager store. This enables you to create task and role definitions to which you can delegate access. Find below the general steps to modifying the Hyper-V services authorization.

In order to accomplish this, launch an MMC (Microsoft Management Console) session, and add the Authorization Manager to the console.

Then right-click the Authorization Manager, and click Open Authorization Sore. In the window, ensure that XML File is selected and browse to %systemroot%\ProgramData\Microsoft\Windows\Hyper-V\ to select InitialStore.xml.

Expand Authorization Manager, Initial Store, Hyper-V services, Role Assignments. Note that by default, the only role assignment is an Administrator. To create new role assignment, expand Definitions and then right-click Task Definitions. Select New Task Definition.

Name the task definition “VM Operator” for example. And select operations that you would want the custom role to do.

Now that you have created a group of tasks, you can create the role that can use these tasks. For this, right-click Role Definitions, and then select New Role Definition. Name the Role Definition such as VM Operator role, and then click OK. There are now two role definitions.

Next, you can create the Role Assignment, which is what user accounts are linked to for the permissions. Right-click Role Assignments, and click New Role Assignment. Select the VM Operator Role, and then click OK.

Right-click the new role assignment, select Assign Users and Groups, and then click From Windows and Active Directory. Select a user or group that you plan to delegate the permissions to, and then click OK.

One thought on “Delegate Virtual Machine Management in Hyper-V

Leave a Reply

Your email address will not be published. Required fields are marked *