TOTD: Non-administrators access in Hyper-V, AzMan, FAQ

What is AzMan and why should I know about it?

AzMan (azman.msc) is the Windows Authorization Manager. AzMan was the preferred method to provide granular access to the Hyper-V functions to non-administrators .

Unfortunately, it was deprecated in Windows Server 2012 and it doesn’t work in Windows Server 2012 R2.

How to use AzMan?

Enter to Hyper-V host, win+r and type AzMan.msc  -> open configuration store (C:\ProgramData\Microsoft\Windows\Hyper-V\InitialStore.xml)

Then create new scope (optionally), role and tasks definition and then assign user to this role. That’s it.

Untitled

Err..What about Server 2012 R2?

You may notice AzMan.msc and InitialStore.xml are still existed in 2012 R2. But…it doesn’t really work. In Server 2012 R2 Hyper-V uses simple authorization. It’s just a group “Hyper-V Administrators”.

2

So , if you want to provide Full Access  to Hyper-V you simply add users/groups to this built-in group. There is no RBAC (Role-Based Access Control).100% RBAC is available only in VMM.