Running Hyper-V in an active directory environment
Use the following steps to run Hyper-V in an active directory environment
Before you begin
Before you begin running Hyper-V in an active directory environment, you need to make sure that the following ations are complete.
- A supported 64-bit Windows server that runs Hyper-V (Full or Core installation of the OS).
- A global group on the domain that is used to manage Hyper-V.
- Domain Admin access to enable changes on the Hyper-V server from the computer that you are working from.
Configuring a Hyper-V server
Use the following steps to configure a Hyper-V server.
- Open a management connect to the Hyper-V server.
- Add Hyper-V group to the Distributed COM Users group.
- Add Hyper-V group to the CIMV2 and Virtualization namespaces.
- Add Hyper-V group to the Authorization store for Hyper-V on the Hyper-V server.
- Provide the Hyper-V group permissions to the Hyper-V Directory on the Hyper-V server.
Setting up a remote management connection
Use the following steps to set up a remote management connection.
- Make sure you are logged in to a computer on the domain that has Domain Admin privileges.
- Go to Control panel > Administrative Tools > Computer Management.
- In the Action menu, select Connect to another computer.
- Enter the server name or IP and click OK.
Adding Distributed COM Users group to a Hyper-V server
Use the following steps to add Distributed COM Users group to the Hyper-V server.
- Go to System Tools > Local Users and Groups > Groups > Distributed COM Users > Add to Group.
- Click Add and enter the group name for the Hyper-V group and click OK.
Granting remote access to the server for CIMV2 and Virtualization namespaces
You can update the permissions for Remote access to the server for Virtualization and CIMV2.
- From the Computer Management window, select Service and Applications > WMI Control.
- Right-click and go to Properties > Security > Root > CIMV2 > Security.
- Add the Hyper-V group, then select it and click Advanced.
- Make sure that the new group is selected and click Edit.
- Change Apply to: to The namespace and all subnamespaces.
- For Enable Account and Remote enable, select Allow.
- Select for Apply these permissions to objects and or containers within this container only and click OK.
- Repeat these steps for Virtualization.
Granting folder permissions
Now that the Hyper-V group has complete permissions to manage Hyper-V remotely, you need to give permissions to write to the C:\Users\Public\Documents\Hyper-V
folder.
-
Open My Computer and go to the following address:
\HOSTNAME\c$\Users\Public\Documents
-
Go to Hyper-V > Properties > Security
-
Add the Hyper-V group and make sure that is can
Read
,Write
, andExecute
files from that directory. In general, it is easier to assign Full control. -
All configuration changes are complete. To finalize the configuration, you need to restart the Hyper-V server. After the server is back online, connect to it from your Local Hyper-V Manager. You now have full access to manage all VMs and the Hyper-V Service.