Windows Server 2012R2 Grant access to hyper-v VM’s #Hyper-v #ws2012r2 #winserv #msftprivatecloud   11 comments

ever want to set security on a VM ?

new Command’s are there in powershell



Get-VMConnectAccess show all the rights



suppose I want to give my SQL DBA access to the VM

Grant-VMConnectAccess -VMName mvpvmm01 -UserName mvp\sql2012



Or revoke access
Revoke-VMConnectAccess -VMName mvpvmm01 -UserName mvp\sql2012


Posted July 26, 2013 by Robert Smit [MVP] in Windows Server 2012 R2

Tagged with

11 responses to “Windows Server 2012R2 Grant access to hyper-v VM’s #Hyper-v #ws2012r2 #winserv #msftprivatecloud

Subscribe to comments with RSS.

  1. Pingback: Week of July 26: Start testing Windows Server 2012 R2 with the Windows Server MVPs - Server and Cloud Partner and Customer Solutions Team Blog - Site Home - TechNet Blogs

  2. This did not work on Windows server 2012 and Windows server 2012 R2 both!.
    Have stand alone server. Created user joe, local non-admin user and used Grant-VMConnectAccess to give permission to joe. The Get-VMConnectAccess shows joe having authorization.
    Logged in as Joe, Cant use vmconnect to connect to it.! Any ideas ?

    • This is a working solution, every item I create is on windows server 2012 R2. but as you say you have a standalone machine and give joe rights but rights on the VM file is not the same as RDP rights in the VM , you still need to add joe to the RDP group in the VM.

  3. I’d also appreciate some additional information regarding it’s use, it appears we’re not alone in not fully understanding it:

  4. Hi Robert, is that still on your task list? I also haven’t been able to get this to work.

  5. Hi Robert,

    Thanks for the links. However, I already know the previous delegation model (AzMan-based), which was quite handy. You could delegate 34 different operations, such as Start VM, Snapshot VM, or Configure VM, and you could also define scope of residence so, that someone gets permissions only to part of the VMs. The remaining VMs of the host are not visible to him in Hyper-V Manager or PowerShell.

    That AzMan-based is gone in 2012 R2, so something new is needed.

    The local group Hyper-V Administrators works the same in both Windows Server 2012 R2 with the Hyper-V role and Hyper-V Server 2012 R2. Anyone in that group gets full control of the Hyper-V environment, but no permissions for the host machine.

    Grant-VMConnectAccess would partly replace the AzMan-based, if it would work…

  6. In my testing Grant-VMConnectAccess does seem to work, it is VmConnect that has a problem. If I run VirtualMachineViewer which comes with SCVMM then I can connect successfully to a VM after granting permissions using grant-vmconnectaccess, there may be other 3rd party VM connection tools that work as well. I think the problem with VmConnect is that before it makes a connection is first tries to retrieve a list of all VMs and I suspect admin rights are required for this. If using VirtualMachineViewer from the command line be sure to use all the required parameters – for example:
    VirtualMachineViewer.exe /host testvmhost /port 2179 /vmid 7c8d234f-15c3-4a0f-9e4d-bcb41d123456 /vmname testvm

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

  • Twitter

  • Advertisements
    %d bloggers like this: