Understanding AzMan in Hyper-V
Lai Yoong Seng, MVP: Virtual Machine, Technical Consultant, Redynamics (www.ms4u.info)
Agenda
- Who is AzMan?
- How does AzMan work?
- Configure AzMan
- Why use AzMan?
- Auditing
- Troubleshooting
Who is AzMan? Not who, but "What is AzMan?" AzMan, also known as Authorization Manager, is a GUI for configuring security in Hyper-V. It uses Role-Based Access Control (RBAC).
How does AzMan work? Access to resources is based on Role Definitions, not on Access Control Lists (ACLs). Roles are based on a list of Tasks defined in a Role Definition; the Role Definition is then associated with a Role Assignment. Only one default role is defined in Hyper-V: Administrator. The built-in local Administrators group is automatically added to the Administrator Role Assignment.
Access AzMan: Start | Run | type Azman.msc. Azman.msc is the primary method for defining and managing permissions for Hyper-V. Then open the Authorization Store.
Configure AzMan. Note: back up InitialStore.xml before modifying it. Configure a Role Assignment: add a non-administrator with full permission on the Hyper-V server.
Configure AzMan: create a Task. A task is a grouping of operations. Example: a "Control VM" task to which the start, stop and restart VM operations are assigned.
Configure AzMan: create a Role Definition, to limit the operations allowed on the Hyper-V server. Example: an "Operator" role definition that is assigned the Control VM task.
Configure AzMan: create a new Role (role assignment), to assign users to the tasks or operations.
Configure AzMan: demo
Why use AzMan? It is more secure: it limits the operations that can be performed on Hyper-V hosts. You can secure either the entire Hyper-V host or individual Virtual Machines.
Secure by Virtual Machine
- Step 1: Create a Scope
- Step 2: Create a Role
- Step 3: Assign the Role
- Step 4: Create a new VM
- Step 5: Set the scope of the VM by using the four scripts below (contributed by Tony Soper)
GUI? Sorry, no GUI.
Script #1: CreateVMInScope.vbs

    Option Explicit
    Dim WMIService
    Dim VMManagementService
    Dim VMName
    Dim VMScope
    Dim VMSystemGlobalSettingData
    Dim Result

    VMName = InputBox("Specify the name for the new virtual machine:")
    VMScope = InputBox("Specify the scope to be used for the new virtual machine:")

    ' Get an instance of the WMI service in the virtualization namespace.
    Set WMIService = GetObject("winmgmts:\\.\root\virtualization")

    ' Get the VMManagementService object.
    Set VMManagementService = WMIService.ExecQuery("SELECT * FROM Msvm_VirtualSystemManagementService").ItemIndex(0)

    ' Initialize the global settings for the new VM.
    Set VMSystemGlobalSettingData = WMIService.Get("Msvm_VirtualSystemGlobalSettingData").SpawnInstance_()

    ' Set the name and the AzMan scope the VM will reside in.
    VMSystemGlobalSettingData.ElementName = VMName
    VMSystemGlobalSettingData.ScopeOfResidence = VMScope

    ' Create the VM (GetText_(1) serializes the settings as WMI DTD 2.0 text).
    Result = VMManagementService.DefineVirtualSystem(VMSystemGlobalSettingData.GetText_(1))
Script #2: DisplayVMScopes.vbs

    Option Explicit
    Dim WMIService
    Dim VMList
    Dim VM
    Dim VMSystemGlobalSettingData
    Dim Message

    ' Set up the start of the message string.
    Message = "Virtual Machines and their scope of residence" & chr(10) _
        & "========================================"

    ' Get an instance of the 'virtualization' WMI service on the local computer.
    Set WMIService = GetObject("winmgmts:\\.\root\virtualization")

    ' Get all the Msvm_ComputerSystem objects (the host itself is one of them).
    Set VMList = WMIService.ExecQuery("SELECT * FROM Msvm_ComputerSystem")

    For Each VM In VMList
        ' Skip the host; only virtual machines carry a scope.
        If VM.Caption = "Virtual Machine" Then
            Set VMSystemGlobalSettingData = (VM.Associators_("Msvm_ElementSettingData", "Msvm_VirtualSystemGlobalSettingData")).ItemIndex(0)
            Message = Message & chr(10) & "VM: " & VM.ElementName
            Message = Message & chr(10) & "Scope: " & VMSystemGlobalSettingData.ScopeOfResidence
            Message = Message & chr(10)
        End If
    Next

    WScript.Echo Message
Script #3: ClearVMScope.vbs

    Option Explicit
    Dim WMIService
    Dim VMList
    Dim VM
    Dim VMSystemGlobalSettingData
    Dim VMManagementService
    Dim Result

    ' Get an instance of the 'virtualization' WMI service on the local computer.
    Set WMIService = GetObject("winmgmts:\\.\root\virtualization")

    ' Get the VMManagementService object.
    Set VMManagementService = WMIService.ExecQuery("SELECT * FROM Msvm_VirtualSystemManagementService").ItemIndex(0)

    ' Get all the Msvm_ComputerSystem objects.
    Set VMList = WMIService.ExecQuery("SELECT * FROM Msvm_ComputerSystem")

    For Each VM In VMList
        If VM.Caption = "Virtual Machine" Then
            Set VMSystemGlobalSettingData = (VM.Associators_("Msvm_ElementSettingData", "Msvm_VirtualSystemGlobalSettingData")).ItemIndex(0)
            ' An empty scope puts the VM back under the host-wide (application-level) assignments only.
            VMSystemGlobalSettingData.ScopeOfResidence = ""
            Result = VMManagementService.ModifyVirtualSystem(VM.Path_.Path, VMSystemGlobalSettingData.GetText_(1))
        End If
    Next
Script #4: ChangeVMScope.vbs

    Option Explicit
    Dim WMIService
    Dim VM
    Dim VMManagementService
    Dim VMSystemGlobalSettingData
    Dim VMName
    Dim VMScope
    Dim Result

    ' Set up the VM we are looking for, and the scope to assign it to.
    VMName = InputBox("Specify the virtual machine to change scope on:")
    VMScope = InputBox("Specify the new scope to be used:")

    ' Get an instance of the WMI service in the virtualization namespace.
    Set WMIService = GetObject("winmgmts:\\.\root\virtualization")

    ' Get the VMManagementService object.
    Set VMManagementService = WMIService.ExecQuery("SELECT * FROM Msvm_VirtualSystemManagementService").ItemIndex(0)

    ' Get the VM object that we want to modify.
    Set VM = (WMIService.ExecQuery("SELECT * FROM Msvm_ComputerSystem WHERE ElementName='" & VMName & "'")).ItemIndex(0)

    ' Get the Msvm_VirtualSystemGlobalSettingData of the VM we want to modify.
    Set VMSystemGlobalSettingData = (VM.Associators_("Msvm_ElementSettingData", "Msvm_VirtualSystemGlobalSettingData")).ItemIndex(0)

    ' Change the ScopeOfResidence property.
    VMSystemGlobalSettingData.ScopeOfResidence = VMScope

    ' Update the VM with ModifyVirtualSystem.
    Result = VMManagementService.ModifyVirtualSystem(VM.Path_.Path, VMSystemGlobalSettingData.GetText_(1))
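The deck describes AzMan's model (operations grouped into tasks, tasks into role definitions, definitions bound to members through role assignments, optionally limited to a scope that a VM's ScopeOfResidence selects) and the scope-based procedure above. As an added example, not from the deck and not one of the four VBScript scripts, the Python below models that decision offline: it parses a store in the AzMan XML layout, flattens role definitions into operation names, decides whether a user (given as a list of SIDs, user plus groups) may run an operation on a VM in a given scope, and diffs two snapshots of a store, which is how you would check what changed against the InitialStore.xml backup the deck tells you to take. The element and attribute names follow the AzMan store layout as assumed here (role definitions as AzTask with RoleDefinition="True", assignments as AzRole with TaskLink and Member children); the GUIDs, OperationIDs and SIDs in the sample are constructed, not copied from a real store.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

# Constructed sample store, NOT a real InitialStore.xml. Layout follows the AzMan XML store
# format as assumed here; GUIDs, OperationIDs and the domain SID are placeholders.
SAMPLE_STORE = """<AzAdminManager MajorVersion="1" MinorVersion="0" Guid="00000000-0000-0000-0000-000000000001">
  <AzApplication Guid="00000000-0000-0000-0000-000000000002" Name="Hyper-V services">
    <AzOperation Guid="op-start" Name="Start Virtual Machine"><OperationID>1</OperationID></AzOperation>
    <AzOperation Guid="op-stop" Name="Stop Virtual Machine"><OperationID>2</OperationID></AzOperation>
    <AzOperation Guid="op-create" Name="Create Virtual Machine"><OperationID>3</OperationID></AzOperation>
    <AzTask Guid="task-control" Name="Control VM" RoleDefinition="False">
      <OperationLink>op-start</OperationLink><OperationLink>op-stop</OperationLink>
    </AzTask>
    <AzTask Guid="def-admin" Name="Administrator" RoleDefinition="True">
      <OperationLink>op-start</OperationLink><OperationLink>op-stop</OperationLink><OperationLink>op-create</OperationLink>
    </AzTask>
    <AzTask Guid="def-operator" Name="Operator" RoleDefinition="True"><TaskLink>task-control</TaskLink></AzTask>
    <AzRole Guid="asg-admin" Name="Administrator">
      <TaskLink>def-admin</TaskLink><Member>S-1-5-32-544</Member>
    </AzRole>
    <AzScope Guid="scope-finance" Name="Finance">
      <AzRole Guid="asg-finance-operator" Name="Operator">
        <TaskLink>def-operator</TaskLink><Member>S-1-5-21-1000-2000-3000-1105</Member>
      </AzRole>
    </AzScope>
  </AzApplication>
</AzAdminManager>"""


def _links(elem, tag):
    """Text of the direct child elements named tag (OperationLink, TaskLink or Member)."""
    return [c.text.strip() for c in elem.findall(tag) if c.text]


def load_store(xml_text):
    """Index operations, tasks/role definitions and role assignments (host-wide and per scope)."""
    app = ET.fromstring(xml_text).find("AzApplication")
    store = {
        "ops": {o.get("Guid"): o.get("Name") for o in app.iter("AzOperation")},
        "tasks": {t.get("Guid"): t for t in app.iter("AzTask")},
        "assignments": [],  # (scope name or None for host-wide, role name, task guids, member SIDs)
    }
    for role in app.findall("AzRole"):
        store["assignments"].append((None, role.get("Name"), _links(role, "TaskLink"), _links(role, "Member")))
    for scope in app.findall("AzScope"):
        for role in scope.findall("AzRole"):
            store["assignments"].append((scope.get("Name"), role.get("Name"),
                                         _links(role, "TaskLink"), _links(role, "Member")))
    return store


def resolve_operations(store, task_guid, _seen=None):
    """Flatten a task or role definition into operation names, following nested TaskLinks."""
    _seen = _seen if _seen is not None else set()
    if task_guid in _seen or task_guid not in store["tasks"]:
        return set()  # unknown guid, or a cycle in the task graph
    _seen.add(task_guid)
    task = store["tasks"][task_guid]
    ops = {store["ops"][g] for g in _links(task, "OperationLink") if g in store["ops"]}
    for sub in _links(task, "TaskLink"):
        ops |= resolve_operations(store, sub, _seen)
    return ops


def effective_permissions(store):
    """Map member SID -> {scope: set(operation names)}; scope None means the whole host."""
    perms = defaultdict(lambda: defaultdict(set))
    for scope, _role, task_guids, members in store["assignments"]:
        ops = set().union(*(resolve_operations(store, g) for g in task_guids))
        for sid in members:
            perms[sid][scope] |= ops
    return perms


def is_authorized(store, user_sids, operation, vm_scope):
    """True if any of the user's SIDs grants operation on a VM whose ScopeOfResidence is vm_scope.
    A host-wide assignment covers every VM; a scope assignment covers only VMs placed in that
    scope; a VM with an empty scope is reachable through host-wide assignments only."""
    perms = effective_permissions(store)
    for sid in user_sids:
        granted = perms.get(sid, {})
        if operation in granted.get(None, set()):
            return True
        if vm_scope and operation in granted.get(vm_scope, set()):
            return True
    return False


def diff_permissions(before_xml, after_xml):
    """Compare two store snapshots (e.g. the InitialStore.xml backup and the current store);
    returns (granted, revoked) as sets of (sid, scope, operation)."""
    def flatten(xml_text):
        return {(sid, scope, op)
                for sid, scopes in effective_permissions(load_store(xml_text)).items()
                for scope, ops in scopes.items() for op in ops}
    before, after = flatten(before_xml), flatten(after_xml)
    return after - before, before - after


if __name__ == "__main__":
    for sid, scopes in sorted(effective_permissions(load_store(SAMPLE_STORE)).items()):
        for scope, ops in scopes.items():
            print(f"{sid:<32} scope={scope or '<host>':<8} {sorted(ops)}")
```

Run the file as-is to print the effective permission table for the sample store; to audit a real host, read your backed-up and current store files and pass their contents to `diff_permissions`, then check that the only new tuples are the ones you intended (for example, the Domain Admins SID appearing host-wide after a domain join). The scope check mirrors what the four scripts set: a VM keeps host-wide Administrator access regardless of scope, while the scoped Operator only reaches VMs whose ScopeOfResidence matches.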
Function of each script
What happens when the host joins a domain? The Domain Admins group gets full permission to create and manage VMs on the host servers: the Administrator Role Assignment is set to Domain Admins.
What happens when the host is added to VMM? VMM creates its own copy of the store in ProgramData\Microsoft\Virtual Machine Manager\HyperVAuthStore.xml. By default, VMM will grant:
- VMM Administrators full access to the VMs and Hyper-V, including console access to the VMs
- VMM Delegated Administrators no access to the VMs or Hyper-V
- End User Role members console access to a VM if their User Role has this privilege defined
This means that any privileges defined in the old AzMan file are lost once VMM takes control of the host. When the Hyper-V host is removed from VMM management, it reverts to InitialStore.xml.
Auditing must be enabled in Authorization Manager.
Auditing on local hosts: use Local Security Policy | Audit Policy and enable "Audit object access". On a domain, enable it through a GPO: Computer Configuration | Windows Settings | Security Settings | Local Policies | Audit Policy, then double-click "Audit directory service access".
Troubleshooting AzMan: refer to Event Viewer.
- Open Windows Logs | Security
- Open Applications and Services Logs | Microsoft | Windows | Hyper-V-VMMS and Hyper-V-Worker
More information: http://technet.microsoft.com/en-us/library/dd581761(WS.10).aspx
Event Viewer
Summary
Security in Hyper-V
Understanding AzMan In Hyper-V

