21 steps Win2008 remote management of Hyper-V server

Hyper-V role installation on Windows Server 2008 is relatively simple, as shown in the figure. However, in order for Hyper-V to really work, we also need to do a series of configurations on Windows Server 2008 to remotely manage it.

The following is a brief step to configure a remote management Hyper-V role on a fully installed WIndows Server 2008 server:

1. Enable Windows Management Instrumentation firewall rules. At an elevated command prompt, type:

netsh advfirewall firewall set rule group="Windows Management Instrumentation (WMI)" new enable=yes

If the following message is returned " Update 4 rules. success. " means that the command has been successfully executed.

Note that to check if the command was executed successfully, you can view the results in "Advanced Security Windows Firewall". To do this, click Start, then click "Control Panel", switch to classic view (if you are not using it), click "Administrative Tools", and then click "Advanced Security Windows Firewall ". Select an inbound or outbound rule and sort by the "group" column. Three inbound rules and one outbound rule should be enabled for Windows Management Instrumentation.

2. Click Start, then "Start Search", and type azman.msc. When prompted to confirm the operation, click "Continue". The Authorization Manager Microsoft Management Console (MMC) snap-in opens.

3. In the navigation pane, right-click "Authorization Manager", and then click "Open Authorization Store". Make sure the "XML file" is selected. Browse to the %system drive%\\Program Data\\Microsoft\\Windows\\Hyper-V folder, select InitialStore.xml, click "Open", and then click "OK".

Note that by default, the program data folder is a hidden folder. If the folder is not visible, type: \\ProgramData\\Microsoft\\Windows\\Hyper-V\\initalstore.xml

4. In the navigation pane, click "Hyper-V Service", then Click "role assignment". Right-click "admin", point to "Assign Users and Groups", and then point to "From Windows and Active Directory". In the "Select Users, Computers, or Groups" dialog box, type the domain name and username of the user account, and then click "OK".

5, close "authorization manager".

6. Next, add remote users to the Distributed COM Users group to give them access. Click Start, point to "Administrative Tools", and then click "Computer Management". If "User Account Control" is enabled, click "Continue". Open "Component Services".

7. Expand "Local Users and Groups", then click "Group". Right-click on Distributed COM Users and click "Add to Group".

8. In the "Distributed COM Users Properties" dialog, click "Add".

9. In the "Select Users, Computers, or Groups" dialog box, type your username, and then click "OK".

10. Click "OK" again to close the "Distributed COM Users property" dialog. Close "Component Services".

11. The remaining steps will provide remote users with the WMI permissions required to access both namespaces: the CIMV2 namespace and the virtualized namespace. Click Start, "Administrative Tools" and "Computer Management".

12. In the navigation pane, click "Services & Applications", right-click "WMI Control", and then click "Properties".

13. Click the "Security" tab, click "root", and then click CIMV2. Under the list of namespaces, click "Security".

14. In the "ROOT\\CIMV2 Security" dialog, check if the appropriate users are listed. Otherwise, click "Add". In the "Select Users, Computers, or Groups" dialog box, type your username, and then click "OK".

15. On the "Security" tab, select the username. Under Permissions, click "Advanced". On the "Permissions" tab, verify that the desired user has been selected, then click "Edit". In the "CIMV2 Permissions Entry" dialog, modify the three settings as follows:

- For "applicable objects", select "this namespace and sub-namespace".

- In the "Permissions" column of the "Permissions" list, check the "Remote Enable" checkbox.

- Under the "Permissions" list, check "Apply these permissions only to the Objects and/or Containers" checkbox in this container.

16. Click "OK" in each dialog box until you return to the "WMI Control Properties" dialog.

17. Next, repeat the steps of virtualizing namespaces. Scroll down as necessary until you see the virtualized namespace. Click "Virtualization". Under the list of namespaces, click "Security".

18. In the "ROOT\\virtualization Security" dialog, check if the appropriate users are listed. Otherwise, click "Add". In the "Select Users, Computers, or Groups" dialog box, type your username, and then click "OK".

19. On the "Security" tab, select the username. Under Permissions, click "Advanced". On the "Permissions" tab, verify that the desired user has been selected, then click "Edit". In the "Virtualized Permissions Entry" dialog box, modify the three settings as follows:

- For "applicable objects", select "this namespace and sub-namespace".

- In the "Permissions" column of the "Permissions" list, check the "Remote Enable" checkbox.

- Under the "Permissions" list, check "Apply these permissions only to the Objects and/or Containers" checkbox in this container.

20. Click "OK" in each dialog box, then close "Computer Management".

21. Restart the server to apply the changes made to the authorization policy.

After the above configuration, it is convenient to remotely manage the Hyper-V server.