TOTD: Non-administrators access in Hyper-V, AzMan, FAQ


What is AzMan and why should I know about it?

AzMan (azman.msc) is the Windows Authorization Manager. AzMan was the preferred method to provide granular access to the Hyper-V functions to non-administrators .

Unfortunately, it was deprecated in Windows Server 2012 and it doesn’t work in Windows Server 2012 R2.

How to use AzMan?

Enter to Hyper-V host, win+r and type AzMan.msc  -> open configuration store (C:\ProgramData\Microsoft\Windows\Hyper-V\InitialStore.xml)

Then create new scope (optionally), role and tasks definition and then assign user to this role. That’s it.

Untitled

Err..What about Server 2012 R2?

You may notice AzMan.msc and InitialStore.xml are still existed in 2012 R2. But…it doesn’t really work. In Server 2012 R2 Hyper-V uses simple authorization. It’s just a group “Hyper-V Administrators”.

2

So , if you want to provide Full Access  to Hyper-V you simply add users/groups to this built-in group. There is no RBAC (Role-Based Access Control).100% RBAC is available only in VMM.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s