Hyper-V and AZMAN Permission

  • Article

Hi there,

a very interesting scenario where I personally think Microsoft does have here some room for improvements, the permission management from Hyper-V perspective is currently still laborious.

BUT there are already (free) published scripts available which makes the life much more easier, when you need set up more granular permissions for Hyper-V Management (VM and or task like start/stop level).

Here you should use setscope.vbs and getscope.vbs to manage AZMAN store for setting the Hyper-V permissions. finally you "only" need to assign the user to the specified scope and it just works - also great for automatization scenarios ;-)

Also check out the following blog which gives you some examples on the usage scenarios of set- and getscope.vbs:

https://projectdream.org/wordpress/2008/07/03/delegating-hyper-v-virtual-machines/

The scripts can be found here (only here!):

https://blogs.technet.com/b/alipka/archive/2008/07/02/off-topic-things-and-some-hyper-v-goodies-resources-backup-and-azman-scope-scripts.aspx

and of course John Howard post from part1 till 5:

https://blogs.technet.com/b/jhoward/archive/2008/03/28/part-1-hyper-v-remote-management-you-do-not-have-the-requested-permission-to-complete-this-task-contact-the-administrator-of-the-authorization-policy-for-the-computer-computername.aspx

https://blogs.technet.com/b/jhoward/archive/2008/03/28/part-2-hyper-v-remote-management-you-do-not-have-the-requested-permission-to-complete-this-task-contact-the-administrator-of-the-authorization-policy-for-the-computer-computername.aspx

https://blogs.technet.com/b/jhoward/archive/2008/03/30/part-3-hyper-v-remote-management-you-do-not-have-the-requested-permission-to-complete-this-task-contact-the-administrator-of-the-authorization-policy-for-the-computer-computername.aspx

https://blogs.technet.com/b/jhoward/archive/2008/04/01/part-4-domain-joined-environment-hyper-v-remote-management-you-do-not-have-the-requested-permission-to-complete-this-task-contact-the-administrator-of-the-authorization-policy-for-the-computer-computername.aspx

https://blogs.technet.com/b/jhoward/archive/2008/04/04/part-5-domain-client-to-workgroup-server-hyper-v-remote-management-you-do-not-have-the-requested-permission-to-complete-this-task-contact-the-administrator-of-the-authorization-policy-for-the-computer-computername.aspx

that should give you an complete picture of the usage and the functionality of AZMAN scope for Hyper-V Winking smile

Stay tuned for an detailed step-by-step configuration with screenshots.

Regards

Ramazan Can