Configure Hyper-V role for remote management on a fully installed Windows Server 2008.
1. Activate firewall rules for Windows Management Instrumentation. Type the line after the command window appears:
netsh advfirewall firewall set rule group = 'Windows Management Instrumentation (WMI)' new enable = yes
This command will be successful when the following message appears: ' Updated 4 rules (s). Ok '.
Attention:
To confirm that the command has completed successfully, you can see the results in Windows Firewall. Click Start -> Control Panel , switch to Classic View , then click Administrative Tools -> Windows Firewall with Advanced Security . Select inbound rule or outbound rule then filter by Group column. Users should enable 3 inbound rules and 1 outbound rules for Windows Management Instrumentation.
2. The next step is to configure the account confirmation for the server running the Hyper-V role. If the user requests remote access to the server running Hyper-V on the Administrators group group on both machines, you will not have to configure the account confirmation.
Attention:
The configuration wizard acknowledges the account assuming that the default account confirmation has not been adjusted, and the account you are configuring for remote access requires administrative access to the Hyper-V role.
3. Click Start -> Start Search and type azman.msc . If a window appears, click Continue . Authorization Manager The MMC snap-in will display.
4. In the navigation panel, right-click Authorization Manager and click Open Authorization Store . Remember to choose XML file . Next, browse to % system drive% ProgramDataMicrosoftWindowsHyper-V folder , select InitialStore.xml , click Open and click OK .
Attention:
The Program Data folder is by default a hidden folder. If this folder is not displayed, type: ProgramDataMicrosoftWindowsHyper-Vinitialstore.xml
5. In the navigation panel, click Hyper-V services -> Role Assignments . Right-click Administrator , find Assign Users and Groups -> From Windows and Active Directory . In the Select Users, Computers, or Groups dialog box, enter the domain name and username of the account, then click OK .
6. Close the Authorization Manager window.
7. Next, you can add the remote user to the Distributed COM Users group to provide access for this person. Click Start , go to Administrative tools , and click Computer Management . If User Account Control is enabled, select Continue . Component Services will display.
8. Expand Local Users and Groups , and click Groups . Right-click Distributed COM Users and select Add to Group .
9. In the Distributed COM Users Properties dialog box, click Add .
10. In the Select Users, Computers, or Groups dialog box, type the user name and click OK .
11. Click OK and close the Distributed COM Users Properties dialog box. Close the Component Services window.
12. The remaining steps are to assign WMI permissions to remote users in two areas: CIMV2 and virtualization. Click Start -> Administrative Tools and click Computer Management .
13. In the navigation panel, click Services and Applications , right-click WMI Control , and click Properties .
14. Click on the Security -> Root tab, and click on CIMV2 . Under the name list, click Security .
15. In the Security for ROOTCIMV2 dialog window, check to see a list of valid users. If not, click Add . In the Select Users, Computers, or Groups dialog box, type the user name and click OK .
16. On the Security tab, select the username. Under Permissions for , click Advanced . On the Permissions tab, confirm that you have selected the user you need and click Edit . In the Permission Entry for CIMV2 dialog box, edit the following 3 installation items according to:
17. Click OK in each dialog box until you return to the WMI Control Properties dialog box.
18. Next, let's do the same process for virtualization. Scroll down until you find the virtualization namespace entry. Click virtualization . Under the list of names available there, select Security .
19. In the Security for ROOTvirtualization dialog box, check if the valid user is already in the list. If not, click Add . In the Select Users, Computers, or Groups dialog box, type the user name and click OK .
20. At the Security tab, select the user name. Under Permissions for , click Advanced . On the Permissions tab, confirm that you have selected the user you need and click Edit . In the Permission Entry for virtualization dialog box, edit the following 3 settings:
21. Click OK in each dialog box and close the Computer Management window.
22. Restart the server to make the changes work.
Configure Hyper-V role for remote management on Windows Server 2008 Server Core installation
1. Activate firewall rules on the Windows Management Instrumentation server. At the command prompt that appears later, type:
netsh advfirewall firewall set rule group = 'Windows Management Instrumentation (WMI)' new enable = yes
This command will be successful when the following message appears: ' Updated 4 rules (s). Ok '.
2. Next, edit Distributed COM permissions to provide remote users access. Type:
net localgroup 'Distributed COM Users' / add
is the domain that contains the user account and is the user account you want to grant remote access to.
3. Next, connect to the server running the Server Core installation so that you can adjust the access confirmation and both WMI namespaces and the use of MMC snap-ins are not used on Server Core installations.
Log on to the computer and you will run the Hyper-V management tools, using a domain account that is a member of the Administrators group group on the computer that is running the Server Core installation.
Attention:
The configuration wizard acknowledges the account assuming that the default account confirmation has not been adjusted, and the account you are configuring for remote access requires administrative access to the Hyper-V role.
4. Click Start , select Start Search and type azman.msc . If required, click Continue . Authorization Manager snap-in will display.
5. In the navigation panel, right-click Authorization Manager and click Open Authorization Store . Remember to select XML file and type:
c $ ProgramDataMicrosoftWindowsHyper-Vinitialstore.xml
is the name of the computer running the Server Core installation.
Click Open and then click OK .
6. In the navigation panel, click on Hyper-V services , and select Role Assignments . Right-click Administrator , find Assign Users and Groups -> From Windows and Active Directory . In the Select Users, Computers, or Groups dialog box, type the domain name and user account name and click OK .
7. Close the Authorization Manager window.
8. The remaining steps are to authorize WMI permissions for remote users in 2 areas: CIMV2 namespace and virtualization namespace. Click Start , select Administrative Tools -> Computer Management .
9. In the navigation panel, click Services and Applications , right-click WMI Control , and select Properties .
10. Click the Security tab. Click on Root and select CIMV2 . Under the namespace list, click Security .
11. In the Security for ROOTCIMV2 dialog box, check if the user you need is listed. If not, click Add . In the Select Users, Computers, or Groups dialog box, type the name of the user you want and click OK .
12. At the Security tab, select the username. Under Permissions for , click Advanced . On the Permissions tab, verify that the user you want is selected and click Edit . In the Permission Entry for CIMV2 dialog box, edit the following 3 settings:
13. Click OK in each dialog box until you return to the WMI Control Properties dialog box.
14. Next, let's do the same process for virtualization. Scroll down until you find the virtualization namespace entry. Click virtualization . Under the list of names available there, select Security .
15. In the Security for ROOTvirtualization dialog box, check if the valid user is already in the list. If not, click Add . In the Select Users, Computers, or Groups dialog box, type the user name and click OK .
16. At the Security tab, select the username. Under Permissions for , click Advanced . On the Permissions tab, confirm that you have selected the user you need and click Edit . In the Permission Entry for virtualization dialog box, edit the following 3 settings:
17. Click OK in each dialog box and close the Computer Management window.
18. Restart the computer running the Server Core installation so that the changes will take effect.
The following steps will show you how to configure Windows Vista SP1 when domain-level trust is not set up.
To configure Windows Vista SP1 :
1. Log on to the computer that is running Windows Vista SP1.
2. Turn on the firewall rule for Windows Management Instrumentation. At the command prompt that appears later, type:
netsh advfirewall firewall set rule group = 'Windows Management Instrumentation (WMI)' new enable = yes
This command will succeed when the following message appears: ' Updated 8 rules (s). Ok '.
Attention:
To confirm that the command has completed successfully, you can see the results in Windows Firewall. Click Start -> Control Panel , switch to Classic View , then click Administrative Tools -> Windows Firewall with Advanced Security . Select inbound rule or outbound rule then filter by Group column. Users should enable 3 inbound rules and 1 outbound rules for Windows Management Instrumentation.
3. Enable a firewall exception for Microsoft Management Console. From the command prompt, type:
Netsh firewall add allowedprogram program =% windir% system32mmc.exe name = "Microsoft Management Console"
4. Start Hyper-V Manager to confirm that you can remotely connect to the server. Click Start , check the Start Search dialog box, then type Hyper-V Manager and press ENTER. When requesting confirmation of action, click Continue . In Hyper-V Manager, under Actions , click Connect to Server . Type the name of the computer and browse to it, click OK . If Hyper-V Manager can connect to the remote computer, the computer name will appear on the navigation panel and the results page will list all virtual machines configured on the server.