Understanding AzMan in Hyper-V
Lai Yoong Seng, MVP: Virtual Machine
www.ms4u.info
Technical Consultant, Redynamics

Agenda
- Who is AzMan?
- How does AzMan work?
- Configure AzMan
- Why use AzMan?
- Auditing
- Troubleshooting

Who is AzMan?
- Not who, but "What is AzMan?"
- AzMan is also known as "Authorization Manager"
- It is a GUI for configuring security in Hyper-V
- It uses Role-Based Access Control (RBAC)

How Does AzMan Work?
- Access to resources is based on Role Definitions, not on Access Control Lists (ACLs)
- Roles are based on a list of Tasks that are defined in a Role Definition
- The Role Definition is then associated with a Role Assignment
- Only one default role is defined in Hyper-V: Administrator
- The built-in local Administrators group is automatically added to the Administrator Role Assignment

Access AzMan
- To access: Start | Run | type Azman.msc
- Azman.msc is the primary method for defining and managing permissions for Hyper-V
- Open the authorization store

Configure AzMan
- Note: back up InitialStore.xml before modifying it
- Configure the Role Assignment
- Add a non-administrator with full permission on the Hyper-V server

Configure AzMan
- Create a Task. A task is a grouping of operations.
- Example: a Control VM task that is assigned the start, stop and restart VM operations.

Configure AzMan
- Create a Role Definition to limit the operations allowed on the Hyper-V server.
- Example: an Operator role that is assigned the control VM operation.

Configure AzMan
- Create new roles to assign users to tasks or operations

Configure AzMan
- Demo

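The task, role definition and role assignment steps above can also be scripted against the Authorization Manager COM API; the following PowerShell is an added example, not part of the original slides. The application name, the operation names and the member account are assumptions to check against your own store, and `-ScopeName` optionally places the assignment inside a scope.

```powershell
# Added example, not from the original slides. Run elevated on the Hyper-V host.
# Assumptions: the application name and operation names below match your store;
# the member account shown in the comment is hypothetical.
param(
    [Parameter(Mandatory=$true)][string]$StorePath,   # full path to the AzMan XML store
    [Parameter(Mandatory=$true)][string]$Member,      # e.g. 'CONTOSO\vm-operators' (hypothetical)
    [string]$ApplicationName = 'Hyper-V services',    # assumed application name
    [string]$TaskName = 'Control VM',
    [string]$RoleName = 'Operator',
    [string[]]$Operations = @('Start Virtual Machine', 'Stop Virtual Machine',
                              'Pause and Restart Virtual Machine'),  # assumed names
    [string]$ScopeName                                # optional: assign inside this scope only
)
$ErrorActionPreference = 'Stop'

# True when an AzMan collection already holds an object with this name.
function Test-AzName($Collection, [string]$Name) {
    @($Collection | Where-Object { $_.Name -eq $Name }).Count -gt 0
}

# Back up the store before modifying it, as the slide advises.
$backup = '{0}.{1:yyyyMMdd-HHmmss}.bak' -f $StorePath, (Get-Date)
Copy-Item -LiteralPath $StorePath -Destination $backup

$store = New-Object -ComObject AzRoles.AzAuthorizationStore
$store.Initialize(0, "msxml://$StorePath", $null)
$app = $store.OpenApplication($ApplicationName, $null)

# Refuse to continue if a requested operation is not defined in this store.
$known = @($app.Operations | ForEach-Object { $_.Name })
$missing = @($Operations | Where-Object { $known -notcontains $_ })
if ($missing.Count) { throw "Operations not found in store: $($missing -join ', ')" }

# 1. Task: a named group of operations.
if (Test-AzName $app.Tasks $TaskName) {
    $task = $app.OpenTask($TaskName, $null)
} else {
    $task = $app.CreateTask($TaskName, $null)
}
foreach ($op in $Operations) {
    if (@($task.Operations) -notcontains $op) { $task.AddOperation($op, $null) }
}
$task.Submit(0, $null)

# 2. Role definition: in the AzMan API this is a task flagged IsRoleDefinition.
if (Test-AzName $app.Tasks $RoleName) {
    $roleDef = $app.OpenTask($RoleName, $null)
} else {
    $roleDef = $app.CreateTask($RoleName, $null)
}
$roleDef.IsRoleDefinition = $true
if (@($roleDef.Tasks) -notcontains $TaskName) { $roleDef.AddTask($TaskName, $null) }
$roleDef.Submit(0, $null)

# 3. Role assignment: binds the role definition to a member, at application
#    level or inside one scope.
$container = $app
if ($ScopeName) {
    if (Test-AzName $app.Scopes $ScopeName) {
        $container = $app.OpenScope($ScopeName, $null)
    } else {
        $container = $app.CreateScope($ScopeName, $null)
        $container.Submit(0, $null)   # persist the scope before adding children
    }
}
if (Test-AzName $container.Roles $RoleName) {
    $role = $container.OpenRole($RoleName, $null)
} else {
    $role = $container.CreateRole($RoleName, $null)
}
if (@($role.Tasks) -notcontains $RoleName) { $role.AddTask($RoleName, $null) }
if (@($role.MembersName) -notcontains $Member) { $role.AddMemberName($Member, $null) }
$role.Submit(0, $null)

# Summary of what was written, for the change record.
New-Object PSObject -Property @{
    Backup     = $backup
    Task       = $TaskName
    Operations = ($Operations -join ', ')
    Role       = $RoleName
    Scope      = $(if ($ScopeName) { $ScopeName } else { '(application)' })
    Member     = $Member
}
```

The script is safe to re-run: existing tasks, scopes and roles are opened rather than recreated, and nothing is written if an operation name is unknown.
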
Why Use AzMan?
- More secure: limits the operations that can be performed on Hyper-V hosts
- Secure either the entire Hyper-V host or individual virtual machines
- Note:-

Secure by Virtual Machine
- Step 1: Create Scope
- Step 2: Create Role
- Step 3: Assign Role
- Step 4: Create New VM
- Step 5: Set the scope of the VM by using 4 scripts (contributed by Tony Super)
- GUI? Sorry, no GUI.

Script #1: CreateVMInScope.vbs

```vbscript
Option Explicit

Dim WMIService
Dim VMManagementService
Dim VMName
Dim VMScope
Dim VMSystemGlobalSettingData
Dim Result
Dim inParameters

VMName = InputBox("Specify the name for the new virtual machine:")
VMScope = InputBox("Specify the scope to be used for the new virtual machine:")

'Get an instance of the WMI Service in the virtualization namespace.
Set WMIService = GetObject("winmgmts:\\.\root\virtualization")

'Get a VMManagementService object
Set VMManagementService = WMIService.ExecQuery("SELECT * FROM Msvm_VirtualSystemManagementService").ItemIndex(0)

'Initialize the global settings for the VM
Set VMSystemGlobalSettingData = WMIService.Get("Msvm_VirtualSystemGlobalSettingData").SpawnInstance_()

'Set the name and scope
VMSystemGlobalSettingData.ElementName = VMName
VMSystemGlobalSettingData.ScopeOfResidence = VMScope

'Create the VM
VMManagementService.DefineVirtualSystem(VMSystemGlobalSettingData.GetText_(1))
```

Script #2: DisplayVMScopes.vbs

```vbscript
Option Explicit

Dim WMIService
Dim VMList
Dim VM
Dim VMSystemGlobalSettingData
Dim Message

'Setup start of message string
Message = "Virtual Machines and their scope of residence" & chr(10) _
        & "========================================"

'Get instance of 'virtualization' WMI service on the local computer
Set WMIService = GetObject("winmgmts:\\.\root\virtualization")

'Get all the MSVM_ComputerSystem objects
Set VMList = WMIService.ExecQuery("SELECT * FROM Msvm_ComputerSystem")

For Each VM In VMList
    If VM.Caption = "Virtual Machine" Then
        Set VMSystemGlobalSettingData = (VM.Associators_("MSVM_ElementSettingData", "Msvm_VirtualSystemGlobalSettingData")).ItemIndex(0)
        Message = Message & chr(10) & "VM: " & VM.ElementName
        Message = Message & chr(10) & "Scope: " & VMSystemGlobalSettingData.ScopeOfResidence
        Message = Message & chr(10)
    End If
Next

wscript.echo Message
```

Script #3: ClearVMScope.vbs

```vbscript
Option Explicit

Dim WMIService
Dim VMList
Dim VM
Dim VMSystemGlobalSettingData
Dim VMManagementService
Dim Result

'Get instance of 'virtualization' WMI service on the local computer
Set WMIService = GetObject("winmgmts:\\.\root\virtualization")

'Get a VMManagementService object
Set VMManagementService = WMIService.ExecQuery("SELECT * FROM Msvm_VirtualSystemManagementService").ItemIndex(0)

'Get all the MSVM_ComputerSystem objects
Set VMList = WMIService.ExecQuery("SELECT * FROM Msvm_ComputerSystem")

For Each VM In VMList
    If VM.Caption = "Virtual Machine" Then
        Set VMSystemGlobalSettingData = (VM.Associators_("MSVM_ElementSettingData", "Msvm_VirtualSystemGlobalSettingData")).ItemIndex(0)
        'An empty scope returns the VM to the default (application-level) scope
        VMSystemGlobalSettingData.ScopeOfResidence = ""
        Result = VMManagementService.ModifyVirtualSystem(VM.Path_.Path, VMSystemGlobalSettingData.GetText_(1))
    End If
Next
```

Script #4: ChangeVMScope.vbs

```vbscript
Dim WMIService
Dim VM
Dim VMManagementService
Dim VMSystemGlobalSettingData
Dim VMName
Dim VMScope
Dim Result

'Setup variables for the VM we are looking for, and the scope to assign it to
VMName = InputBox("Specify the virtual machine to change scope on:")
VMScope = InputBox("Specify the new scope to be used:")

'Get an instance of the WMI Service in the virtualization namespace.
Set WMIService = GetObject("winmgmts:\\.\root\virtualization")

'Get a VMManagementService object
Set VMManagementService = WMIService.ExecQuery("SELECT * FROM Msvm_VirtualSystemManagementService").ItemIndex(0)

'Get the VM object that we want to modify
Set VM = (WMIService.ExecQuery("SELECT * FROM Msvm_ComputerSystem WHERE ElementName='" & VMName & "'")).ItemIndex(0)

'Get the VirtualSystemGlobalSettingData of the VM we want to modify
Set VMSystemGlobalSettingData = (VM.Associators_("MSVM_ElementSettingData", "Msvm_VirtualSystemGlobalSettingData")).ItemIndex(0)

'Change the ScopeOfResidence property
VMSystemGlobalSettingData.ScopeOfResidence = VMScope

'Update the VM with ModifyVirtualSystem
Result = VMManagementService.ModifyVirtualSystem(VM.Path_.Path, VMSystemGlobalSettingData.GetText_(1))
```

Function of Each Script

What Happens When the Host Joins a Domain?
- The Domain Admins group will have full permission to create and manage VMs on host servers
- The Administrator Role Assignment is set to Domain Admins

What Happens When the Host Is Added to VMM?
- VMM creates a copy of the store and keeps it in ProgramData\Microsoft\Virtual Machine Manager\HyperVAuthStore.xml
- By default, VMM will
- VMM Administrators are given full access to the VM/Hyper-V, including console access to the VM
- VMM Delegated Administrators have no access to the VM or Hyper-V
- End User Role members are given console access to the VM if their User Role has this privilege defined
- This means that any privileges defined in the old AzMan file will be lost once VMM takes control of the host
- When the Hyper-V host is removed from VMM management, it reverts to InitialStore.xml

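Because the domain join and VMM both change who holds which role, it helps to list the role assignments in each store and see which ones are missing from the other; this PowerShell is an added example, not from the original slides. Store paths are passed in by the caller and the application name is an assumption.

```powershell
# Added example, not from the original slides. Read-only: it never calls Submit.
param(
    [Parameter(Mandatory=$true)][string[]]$StorePath,   # one or more AzMan XML stores
    [string]$ApplicationName = 'Hyper-V services'       # assumed application name
)
$ErrorActionPreference = 'Stop'

# Resolve a SID string to an account name; keep the SID when it cannot be resolved.
function Resolve-Sid([string]$Sid) {
    try {
        $id = New-Object System.Security.Principal.SecurityIdentifier($Sid)
        $id.Translate([System.Security.Principal.NTAccount]).Value
    } catch { $Sid }
}

# Emit one record per (scope, role assignment, member) found in a store.
function Get-AzManAssignment([string]$Path, [string]$AppName) {
    $store = New-Object -ComObject AzRoles.AzAuthorizationStore
    $store.Initialize(0, "msxml://$Path", $null)
    $app = $store.OpenApplication($AppName, $null)

    # Role assignments live at application level and inside each scope.
    $containers = @(@{ Scope = '(application)'; Roles = $app.Roles })
    foreach ($scope in $app.Scopes) {
        $containers += @{ Scope = $scope.Name; Roles = $scope.Roles }
    }
    foreach ($c in $containers) {
        foreach ($role in $c.Roles) {
            foreach ($sid in @($role.Members)) {
                if (-not $sid) { continue }
                New-Object PSObject -Property @{
                    Store       = $Path
                    Scope       = $c.Scope
                    Role        = $role.Name
                    Member      = Resolve-Sid $sid
                    Definitions = (@($role.Tasks) -join ', ')
                    Key         = '{0}|{1}|{2}' -f $c.Scope, $role.Name, $sid
                }
            }
        }
    }
}

$report = @(foreach ($p in $StorePath) { Get-AzManAssignment $p $ApplicationName })

# Count in how many stores each assignment appears, so drift stands out.
$count = @{}
foreach ($r in $report) { $count[$r.Key] = 1 + [int]$count[$r.Key] }

$report |
    Select-Object Store, Scope, Role, Member, Definitions,
        @{ Name = 'InEveryStore'; Expression = { $count[$_.Key] -eq $StorePath.Count } } |
    Sort-Object Scope, Role, Member, Store
```

Pass both InitialStore.xml and the VMM copy as `-StorePath`; rows with `InEveryStore` set to False are the assignments that exist in only one of them.
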
Auditing
- Must be enabled in Authorization Manager

Auditing
- On local hosts: use Local Security Policy | Audit Policy and enable object access.
- On a domain: enable it in a GPO under Computer Configuration | Windows Settings | Security Settings | Local Policies | Audit Policy, and then double-click Audit directory service access.

Troubleshooting AzMan
- Refer to Event Viewer
- Open Windows Log | Security
- Open Applications and Services Log | Microsoft | Windows: Hyper-V-VMMS, Hyper-V-Workers
- More information: http://technet.microsoft.com/en-us/library/dd581761(WS.10).aspx

Event Viewer
Summary
Security in Hyper-V
Understanding AzMan In Hyper-V

Más contenido relacionado

La actualidad más candente

Contemporary Software Platform Trends
Contemporary Software Platform TrendsContemporary Software Platform Trends
Contemporary Software Platform Trends
Albrecht Jones
 
Risk Analysis In Business Continuity Management - Jeremy Wong
Risk Analysis In Business Continuity Management - Jeremy WongRisk Analysis In Business Continuity Management - Jeremy Wong
Risk Analysis In Business Continuity Management - Jeremy Wong
BCM Institute
 

La actualidad más candente (20)

Contemporary Software Platform Trends
Contemporary Software Platform TrendsContemporary Software Platform Trends
Contemporary Software Platform Trends
 
Cybersecurity Basics.pptx
Cybersecurity Basics.pptxCybersecurity Basics.pptx
Cybersecurity Basics.pptx
 
Cybersecurity
CybersecurityCybersecurity
Cybersecurity
 
Introduction to cyber security
Introduction to cyber securityIntroduction to cyber security
Introduction to cyber security
 
STIX, TAXII, CISA: Impact of the Cybersecurity Information Sharing Act of 2015
STIX, TAXII, CISA: Impact of the Cybersecurity Information Sharing Act of 2015STIX, TAXII, CISA: Impact of the Cybersecurity Information Sharing Act of 2015
STIX, TAXII, CISA: Impact of the Cybersecurity Information Sharing Act of 2015
 
Botnets 101
Botnets 101Botnets 101
Botnets 101
 
Banks and cybersecurity v2
Banks and cybersecurity v2Banks and cybersecurity v2
Banks and cybersecurity v2
 
The Internal Signs of Compromise
The Internal Signs of CompromiseThe Internal Signs of Compromise
The Internal Signs of Compromise
 
NESA on Steroids
NESA on SteroidsNESA on Steroids
NESA on Steroids
 
Cyber Security in Bangladesh
Cyber Security in Bangladesh Cyber Security in Bangladesh
Cyber Security in Bangladesh
 
COSO ERM 2017 traduit en Français.pdf
COSO ERM 2017 traduit en Français.pdfCOSO ERM 2017 traduit en Français.pdf
COSO ERM 2017 traduit en Français.pdf
 
Risk Analysis In Business Continuity Management - Jeremy Wong
Risk Analysis In Business Continuity Management - Jeremy WongRisk Analysis In Business Continuity Management - Jeremy Wong
Risk Analysis In Business Continuity Management - Jeremy Wong
 
Learn Ethical Hacking in 10 Hours | Ethical Hacking Full Course | Edureka
Learn Ethical Hacking in 10 Hours | Ethical Hacking Full Course | EdurekaLearn Ethical Hacking in 10 Hours | Ethical Hacking Full Course | Edureka
Learn Ethical Hacking in 10 Hours | Ethical Hacking Full Course | Edureka
 
Adversary Emulation Workshop
Adversary Emulation WorkshopAdversary Emulation Workshop
Adversary Emulation Workshop
 
Ghid final Digitalizare IMM
Ghid final Digitalizare IMMGhid final Digitalizare IMM
Ghid final Digitalizare IMM
 
Hacktivism: Motivations, Tactics and Threats
Hacktivism: Motivations, Tactics and ThreatsHacktivism: Motivations, Tactics and Threats
Hacktivism: Motivations, Tactics and Threats
 
La politica sull'uguaglianza di genere in Italia - Analisi approfondita per l...
La politica sull'uguaglianza di genere in Italia - Analisi approfondita per l...La politica sull'uguaglianza di genere in Italia - Analisi approfondita per l...
La politica sull'uguaglianza di genere in Italia - Analisi approfondita per l...
 
Cybersecurity concepts & Defense best practises
Cybersecurity concepts & Defense best practisesCybersecurity concepts & Defense best practises
Cybersecurity concepts & Defense best practises
 
Ingegneria Sociale Seminario Sulla Tutela Dei Dati Strategici Aziendali 28112012
Ingegneria Sociale Seminario Sulla Tutela Dei Dati Strategici Aziendali 28112012Ingegneria Sociale Seminario Sulla Tutela Dei Dati Strategici Aziendali 28112012
Ingegneria Sociale Seminario Sulla Tutela Dei Dati Strategici Aziendali 28112012
 
Cyber Security Management.pdf
Cyber Security Management.pdfCyber Security Management.pdf
Cyber Security Management.pdf
 

Destacado

Introduction To Work Item Customisation
Introduction To Work Item CustomisationIntroduction To Work Item Customisation
Introduction To Work Item Customisation
wbarthol
 
Security best practices for hyper v and server virtualisation [svr307]
Security best practices for hyper v and server virtualisation [svr307]Security best practices for hyper v and server virtualisation [svr307]
Security best practices for hyper v and server virtualisation [svr307]
Louis Göhl
 
Windows Server 2008 R2 Hyper-V SP1 Component Architecture
Windows Server 2008 R2 Hyper-V SP1 Component Architecture Windows Server 2008 R2 Hyper-V SP1 Component Architecture
Windows Server 2008 R2 Hyper-V SP1 Component Architecture
Tũi Wichets
 
Getting Started With The TFS API
Getting Started With The TFS APIGetting Started With The TFS API
Getting Started With The TFS API
wbarthol
 
Storage and hyper v - the choices you can make and the things you need to kno...
Storage and hyper v - the choices you can make and the things you need to kno...Storage and hyper v - the choices you can make and the things you need to kno...
Storage and hyper v - the choices you can make and the things you need to kno...
Louis Göhl
 
Hyper-V Best Practices & Tips and Tricks
Hyper-V Best Practices & Tips and TricksHyper-V Best Practices & Tips and Tricks
Hyper-V Best Practices & Tips and Tricks
Amit Gatenyo
 

Destacado (19)

Transformacja do chmury w ITMAGINATION
Transformacja do chmury w ITMAGINATIONTransformacja do chmury w ITMAGINATION
Transformacja do chmury w ITMAGINATION
 
Introduction To Work Item Customisation
Introduction To Work Item CustomisationIntroduction To Work Item Customisation
Introduction To Work Item Customisation
 
Security best practices for hyper v and server virtualisation [svr307]
Security best practices for hyper v and server virtualisation [svr307]Security best practices for hyper v and server virtualisation [svr307]
Security best practices for hyper v and server virtualisation [svr307]
 
SQL and NoSQL in SQL Server
SQL and NoSQL in SQL ServerSQL and NoSQL in SQL Server
SQL and NoSQL in SQL Server
 
Windows Server 2008 R2 Hyper-V SP1 Component Architecture
Windows Server 2008 R2 Hyper-V SP1 Component Architecture Windows Server 2008 R2 Hyper-V SP1 Component Architecture
Windows Server 2008 R2 Hyper-V SP1 Component Architecture
 
Rodc features
Rodc featuresRodc features
Rodc features
 
Class graph neo4j and software metrics
Class graph neo4j and software metricsClass graph neo4j and software metrics
Class graph neo4j and software metrics
 
Getting Started With The TFS API
Getting Started With The TFS APIGetting Started With The TFS API
Getting Started With The TFS API
 
Managing Hyper-V With PowerShell
Managing Hyper-V With PowerShellManaging Hyper-V With PowerShell
Managing Hyper-V With PowerShell
 
Storage and hyper v - the choices you can make and the things you need to kno...
Storage and hyper v - the choices you can make and the things you need to kno...Storage and hyper v - the choices you can make and the things you need to kno...
Storage and hyper v - the choices you can make and the things you need to kno...
 
Attacking Web Applications
Attacking Web ApplicationsAttacking Web Applications
Attacking Web Applications
 
Network analysis with Hadoop and Neo4j
Network analysis with Hadoop and Neo4jNetwork analysis with Hadoop and Neo4j
Network analysis with Hadoop and Neo4j
 
Hyper-V Best Practices & Tips and Tricks
Hyper-V Best Practices & Tips and TricksHyper-V Best Practices & Tips and Tricks
Hyper-V Best Practices & Tips and Tricks
 
DeltaV Development Systems in a Virtualized Environment
DeltaV Development Systems in a Virtualized EnvironmentDeltaV Development Systems in a Virtualized Environment
DeltaV Development Systems in a Virtualized Environment
 
Master the Mystery and Marvels of DeltaV MPC
Master the Mystery and Marvels of DeltaV MPCMaster the Mystery and Marvels of DeltaV MPC
Master the Mystery and Marvels of DeltaV MPC
 
Building The Virtual Plant For DeltaV
Building The Virtual Plant For DeltaVBuilding The Virtual Plant For DeltaV
Building The Virtual Plant For DeltaV
 
Hyper V And Scvmm Best Practis
Hyper V And Scvmm Best PractisHyper V And Scvmm Best Practis
Hyper V And Scvmm Best Practis
 
Microsoft Test Manager
Microsoft Test ManagerMicrosoft Test Manager
Microsoft Test Manager
 
Improvements in Failover Clustering in Windows Server 2012
Improvements in Failover Clustering in Windows Server 2012Improvements in Failover Clustering in Windows Server 2012
Improvements in Failover Clustering in Windows Server 2012
 

Similar a Understanding AzMan In Hyper-V

Vm ware server-tips-tricks
Vm ware server-tips-tricksVm ware server-tips-tricks
Vm ware server-tips-tricks
unixadminrasheed
 
Virtual Server Security for VMware: Installation Guide
Virtual Server Security for VMware: Installation GuideVirtual Server Security for VMware: Installation Guide
Virtual Server Security for VMware: Installation Guide
webhostingguy
 
Tech Ed 2008 Israel Server Management 360
Tech Ed 2008 Israel   Server Management 360Tech Ed 2008 Israel   Server Management 360
Tech Ed 2008 Israel Server Management 360
Amit Gatenyo
 
Tech X Virtualization Tips
Tech X Virtualization TipsTech X Virtualization Tips
Tech X Virtualization Tips
Youssef EL HADJ
 
V mware admin interview questions
V mware admin interview questionsV mware admin interview questions
V mware admin interview questions
Praveen Raut
 
Windows Azure Infrastructure as a Service (IaaS) Avançado
Windows Azure Infrastructure as a Service (IaaS) AvançadoWindows Azure Infrastructure as a Service (IaaS) Avançado
Windows Azure Infrastructure as a Service (IaaS) Avançado
Azure Summit Brasil
 

Similar a Understanding AzMan In Hyper-V (20)

Building Better Backdoors with WMI - DerbyCon 2017
Building Better Backdoors with WMI - DerbyCon 2017Building Better Backdoors with WMI - DerbyCon 2017
Building Better Backdoors with WMI - DerbyCon 2017
 
Vm ware server-tips-tricks
Vm ware server-tips-tricksVm ware server-tips-tricks
Vm ware server-tips-tricks
 
Vmwareserver tips-tricks-110218231744-phpapp01
Vmwareserver tips-tricks-110218231744-phpapp01Vmwareserver tips-tricks-110218231744-phpapp01
Vmwareserver tips-tricks-110218231744-phpapp01
 
VIR311 Microsoft System Center Virtual Machine Manager 2008 R2: Advanced Virt...
VIR311Microsoft System Center Virtual Machine Manager 2008 R2: Advanced Virt...VIR311Microsoft System Center Virtual Machine Manager 2008 R2: Advanced Virt...
VIR311 Microsoft System Center Virtual Machine Manager 2008 R2: Advanced Virt...
 
Virtual Server Security for VMware: Installation Guide
Virtual Server Security for VMware: Installation GuideVirtual Server Security for VMware: Installation Guide
Virtual Server Security for VMware: Installation Guide
 
Tech Ed 2008 Israel Server Management 360
Tech Ed 2008 Israel   Server Management 360Tech Ed 2008 Israel   Server Management 360
Tech Ed 2008 Israel Server Management 360
 
10215 A 04
10215 A 0410215 A 04
10215 A 04
 
Introduction To Managing VMware With PowerShell
Introduction To Managing VMware With PowerShellIntroduction To Managing VMware With PowerShell
Introduction To Managing VMware With PowerShell
 
Vmware view overview
Vmware view overviewVmware view overview
Vmware view overview
 
Tech X Virtualization Tips
Tech X Virtualization TipsTech X Virtualization Tips
Tech X Virtualization Tips
 
VMworld 2013: Part 2: How to Build a Self-Healing Data Center with vCenter Or...
VMworld 2013: Part 2: How to Build a Self-Healing Data Center with vCenter Or...VMworld 2013: Part 2: How to Build a Self-Healing Data Center with vCenter Or...
VMworld 2013: Part 2: How to Build a Self-Healing Data Center with vCenter Or...
 
Building cloud stack at scale
Building cloud stack at scaleBuilding cloud stack at scale
Building cloud stack at scale
 
OSDC 2018 | Spicing up VMWare with Ansible and InSpec by Martin Schurz and S...
OSDC 2018 | Spicing up VMWare with Ansible and InSpec by Martin Schurz and  S...OSDC 2018 | Spicing up VMWare with Ansible and InSpec by Martin Schurz and  S...
OSDC 2018 | Spicing up VMWare with Ansible and InSpec by Martin Schurz and S...
 
Salt Cloud vmware-orchestration
Salt Cloud vmware-orchestrationSalt Cloud vmware-orchestration
Salt Cloud vmware-orchestration
 
10215 A 08
10215 A 0810215 A 08
10215 A 08
 
Vmware admin interview questions
Vmware admin interview questionsVmware admin interview questions
Vmware admin interview questions
 
WMI for Penetration Testers - Arcticcon 2017
WMI for Penetration Testers - Arcticcon 2017WMI for Penetration Testers - Arcticcon 2017
WMI for Penetration Testers - Arcticcon 2017
 
V mware admin interview questions
V mware admin interview questionsV mware admin interview questions
V mware admin interview questions
 
2014.08.30 Virtual Machine Threat 세미나
2014.08.30 Virtual Machine Threat 세미나2014.08.30 Virtual Machine Threat 세미나
2014.08.30 Virtual Machine Threat 세미나
 
Windows Azure Infrastructure as a Service (IaaS) Avançado
Windows Azure Infrastructure as a Service (IaaS) AvançadoWindows Azure Infrastructure as a Service (IaaS) Avançado
Windows Azure Infrastructure as a Service (IaaS) Avançado
 

Más de Lai Yoong Seng

Enterprise Mobility Suite- Azure RMS
Enterprise Mobility Suite- Azure RMSEnterprise Mobility Suite- Azure RMS
Enterprise Mobility Suite- Azure RMS
Lai Yoong Seng
 
Enterprise Mobility Suite-Microsoft Intune
Enterprise Mobility Suite-Microsoft IntuneEnterprise Mobility Suite-Microsoft Intune
Enterprise Mobility Suite-Microsoft Intune
Lai Yoong Seng
 
Enterprise Mobility Suite- Azure AD Premium
Enterprise Mobility Suite- Azure AD PremiumEnterprise Mobility Suite- Azure AD Premium
Enterprise Mobility Suite- Azure AD Premium
Lai Yoong Seng
 
Enterprise Mobility Suite- Introduction
Enterprise Mobility Suite- IntroductionEnterprise Mobility Suite- Introduction
Enterprise Mobility Suite- Introduction
Lai Yoong Seng
 

Más de Lai Yoong Seng (20)

Are You Protected From Downtime and Data Loss?
Are You Protected From Downtime and Data Loss? Are You Protected From Downtime and Data Loss?
Are You Protected From Downtime and Data Loss?
 
ISV -Microsoft and Veeam Better Together
ISV -Microsoft and Veeam Better TogetherISV -Microsoft and Veeam Better Together
ISV -Microsoft and Veeam Better Together
 
Ransomware Resiliency, Recoverability and Availability
Ransomware Resiliency, Recoverability and AvailabilityRansomware Resiliency, Recoverability and Availability
Ransomware Resiliency, Recoverability and Availability
 
Visibility With Veeam One
Visibility With Veeam OneVisibility With Veeam One
Visibility With Veeam One
 
What's next: Veeam Backup for Microsoft O365 2.0
What's next: Veeam Backup for Microsoft O365 2.0What's next: Veeam Backup for Microsoft O365 2.0
What's next: Veeam Backup for Microsoft O365 2.0
 
Enterprise Mobility Suite- Azure RMS
Enterprise Mobility Suite- Azure RMSEnterprise Mobility Suite- Azure RMS
Enterprise Mobility Suite- Azure RMS
 
Enterprise Mobility Suite-Microsoft Intune
Enterprise Mobility Suite-Microsoft IntuneEnterprise Mobility Suite-Microsoft Intune
Enterprise Mobility Suite-Microsoft Intune
 
Enterprise Mobility Suite- Azure AD Premium
Enterprise Mobility Suite- Azure AD PremiumEnterprise Mobility Suite- Azure AD Premium
Enterprise Mobility Suite- Azure AD Premium
 
Enterprise Mobility Suite- Introduction
Enterprise Mobility Suite- IntroductionEnterprise Mobility Suite- Introduction
Enterprise Mobility Suite- Introduction
 
Get started With Microsoft Azure Virtual Machine
Get started With Microsoft Azure Virtual MachineGet started With Microsoft Azure Virtual Machine
Get started With Microsoft Azure Virtual Machine
 
Disaster Recovery to the Cloud with Microsoft Azure
Disaster Recovery to the Cloud with Microsoft AzureDisaster Recovery to the Cloud with Microsoft Azure
Disaster Recovery to the Cloud with Microsoft Azure
 
MAP Toolkit
MAP ToolkitMAP Toolkit
MAP Toolkit
 
Common Scenario to Start With
Common Scenario to Start WithCommon Scenario to Start With
Common Scenario to Start With
 
How Secure is Azure?
How Secure is Azure?How Secure is Azure?
How Secure is Azure?
 
Extending On-Premise Infrastructure To Cloud
Extending On-Premise Infrastructure To CloudExtending On-Premise Infrastructure To Cloud
Extending On-Premise Infrastructure To Cloud
 
Managing and Automating Hybrid Cloud Infrastructure
Managing and Automating Hybrid Cloud InfrastructureManaging and Automating Hybrid Cloud Infrastructure
Managing and Automating Hybrid Cloud Infrastructure
 
Private Cloud R2: Scaling From Server To Cloud Services
Private Cloud R2: Scaling From Server To Cloud ServicesPrivate Cloud R2: Scaling From Server To Cloud Services
Private Cloud R2: Scaling From Server To Cloud Services
 
What's New in windows server 2012 R2 Hyper V?
What's New in windows server 2012 R2 Hyper V?What's New in windows server 2012 R2 Hyper V?
What's New in windows server 2012 R2 Hyper V?
 
Storage options in the cloud os
Storage options in the cloud osStorage options in the cloud os
Storage options in the cloud os
 
Why Hyper- V is Your Best Virtualization Cloud OS Platform?
Why Hyper- V is Your Best Virtualization Cloud OS Platform?Why Hyper- V is Your Best Virtualization Cloud OS Platform?
Why Hyper- V is Your Best Virtualization Cloud OS Platform?
 

Último

Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers:  A Deep Dive into Serverless Spatial Data and FMECloud Frontiers:  A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Safe Software
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Victor Rentea
 

Último (20)

ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers:  A Deep Dive into Serverless Spatial Data and FMECloud Frontiers:  A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
 
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
 
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptx
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
 
Vector Search -An Introduction in Oracle Database 23ai.pptx
Vector Search -An Introduction in Oracle Database 23ai.pptxVector Search -An Introduction in Oracle Database 23ai.pptx
Vector Search -An Introduction in Oracle Database 23ai.pptx
 
WSO2's API Vision: Unifying Control, Empowering Developers
WSO2's API Vision: Unifying Control, Empowering DevelopersWSO2's API Vision: Unifying Control, Empowering Developers
WSO2's API Vision: Unifying Control, Empowering Developers
 
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
 
CNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In PakistanCNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In Pakistan
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
 
Exploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with MilvusExploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with Milvus
 
ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challenges
 
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot ModelMcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 

Understanding AzMan In Hyper-V

  • 1. Understanding AzMan in Hyper-V Lai YoongSeng MVP : Virtual Machine www.ms4u.info Technical Consultant, Redynamics
  • 2. Agenda Who is AzMan? How AzMan Works? Configure AzMan Why use AzMan? Auditing Troubleshooting
  • 3. Who is AzMan? Not who but “ What is AzMan ?” AzMan also known as “Authorization Manager” Is a GUI interface for configuring security in Hyper-V Role Based Access and Control (RBAC) is what is used
  • 4. How AzMan Work? Access to resources is based on Role Definitions and not Access Control List (ACL) Roles are based on a list of Tasks that are defined in a Role Definition. The Role Definition is then associated with a Role Assignment Only one Default Role defined in Hyper-V:- Administrator Built in Local Administrator Group is automatically added to the Administrator Role Assignment
  • 5. Access AzMan To access Start | Run | Type Azman.msc Azman.msc is the primary method for defining and managing permissions for Hyper-V Open Authorization Stores
  • 6. Configure AzMan Note: Backup InitialStore.xml before modify Configure Role Assignment Add non administrator to full permission on Hyper-V server
  • 7. Configure AzMan Create Task. A task is a grouping of operation. Example: Control VM task and assign start, stop, restart vm operation. 1 2
  • 8. Configure AzMan Create Role Definition- to limit operation on Hyper-V Server. Example: Operator Role which assign to control VM operation. 1 2
  • 9. Configure AzMan Create new roles – to assign user to tasks or operation 1 2
  • 11. Why use Azman? More secure and limit operation can perform on Hyper-V Hosts Secure either entire Hyper-V host or based on Virtual Machine Note:-
  • 12. Secure by Virtual Machine Step 1: Create Scope Step 2: Create Role Step 3: Assign Role Step 4: Create New VM Step 5: Set the scope of the VM by using 4 scripts – Contributed by Tony Super GUI ? Sorry no GUI.
  • 13. Script #1: CreateVMInScope.vbs

        Option Explicit
        Dim WMIService
        Dim VMManagementService
        Dim VMName
        Dim VMScope
        Dim VMSystemGlobalSettingData
        Dim Result
        Dim inParameters

        VMName = InputBox("Specify the name for the new virtual machine:")
        VMScope = InputBox("Specify the scope to be used for the new virtual machine:")

        ' Get an instance of the WMI Service in the virtualization namespace.
        Set WMIService = GetObject("winmgmts:\\.\root\virtualization")

        ' Get a VMManagementService object
        Set VMManagementService = WMIService.ExecQuery("SELECT * FROM Msvm_VirtualSystemManagementService").ItemIndex(0)

        ' Initialize the global settings for the VM
        Set VMSystemGlobalSettingData = WMIService.Get("Msvm_VirtualSystemGlobalSettingData").SpawnInstance_()

        ' Set the name and scope
        VMSystemGlobalSettingData.ElementName = VMName
        VMSystemGlobalSettingData.ScopeOfResidence = VMScope

        ' Create the VM
        VMManagementService.DefineVirtualSystem(VMSystemGlobalSettingData.GetText_(1))

  • 14. Script #2: DisplayVMScopes.vbs

        Option Explicit
        Dim WMIService
        Dim VMList
        Dim VM
        Dim VMSystemGlobalSettingData
        Dim Message

        ' Set up the start of the message string
        Message = "Virtual Machines and their scope of residence" & chr(10) _
                & "========================================"

        ' Get an instance of the 'virtualization' WMI service on the local computer
        Set WMIService = GetObject("winmgmts:\\.\root\virtualization")

        ' Get all the Msvm_ComputerSystem objects
        Set VMList = WMIService.ExecQuery("SELECT * FROM Msvm_ComputerSystem")

        For Each VM In VMList
            ' Skip the host itself; only entries captioned "Virtual Machine" are VMs
            If VM.Caption = "Virtual Machine" Then
                Set VMSystemGlobalSettingData = (VM.Associators_("MSVM_ElementSettingData", "Msvm_VirtualSystemGlobalSettingData")).ItemIndex(0)
                Message = Message & chr(10) & "VM: " & VM.ElementName
                Message = Message & chr(10) & "Scope: " & VMSystemGlobalSettingData.ScopeOfResidence
                Message = Message & chr(10)
            End If
        Next

        wscript.echo Message

  • 15. Script #3: ClearVMScope.vbs

        Option Explicit
        Dim WMIService
        Dim VMList
        Dim VM
        Dim VMSystemGlobalSettingData
        Dim VMManagementService
        Dim Result

        ' Get an instance of the 'virtualization' WMI service on the local computer
        Set WMIService = GetObject("winmgmts:\\.\root\virtualization")

        ' Get a VMManagementService object
        Set VMManagementService = WMIService.ExecQuery("SELECT * FROM Msvm_VirtualSystemManagementService").ItemIndex(0)

        ' Get all the Msvm_ComputerSystem objects
        Set VMList = WMIService.ExecQuery("SELECT * FROM Msvm_ComputerSystem")

        For Each VM In VMList
            If VM.Caption = "Virtual Machine" Then
                Set VMSystemGlobalSettingData = (VM.Associators_("MSVM_ElementSettingData", "Msvm_VirtualSystemGlobalSettingData")).ItemIndex(0)
                ' An empty ScopeOfResidence removes the VM from its scope
                VMSystemGlobalSettingData.ScopeOfResidence = ""
                Result = VMManagementService.ModifyVirtualSystem(VM.Path_.Path, VMSystemGlobalSettingData.GetText_(1))
            End If
        Next

  • 16. Script #4: ChangeVMScope.vbs

        Dim WMIService
        Dim VM
        Dim VMManagementService
        Dim VMSystemGlobalSettingData
        Dim VMName
        Dim VMScope
        Dim Result

        ' Set up variables for the VM we are looking for, and the scope to assign it to
        VMName = InputBox("Specify the virtual machine to change scope on:")
        VMScope = InputBox("Specify the new scope to be used:")

        ' Get an instance of the WMI Service in the virtualization namespace.
        Set WMIService = GetObject("winmgmts:\\.\root\virtualization")

        ' Get a VMManagementService object
        Set VMManagementService = WMIService.ExecQuery("SELECT * FROM Msvm_VirtualSystemManagementService").ItemIndex(0)

        ' Get the VM object that we want to modify.
        ' VMName is concatenated into the WQL text as typed, so a name
        ' containing a single quote will break this query.
        Set VM = (WMIService.ExecQuery("SELECT * FROM Msvm_ComputerSystem WHERE ElementName='" & VMName & "'")).ItemIndex(0)

        ' Get the VirtualSystemGlobalSettingData of the VM we want to modify
        Set VMSystemGlobalSettingData = (VM.Associators_("MSVM_ElementSettingData", "Msvm_VirtualSystemGlobalSettingData")).ItemIndex(0)

        ' Change the ScopeOfResidence property
        VMSystemGlobalSettingData.ScopeOfResidence = VMScope

        ' Update the VM with ModifyVirtualSystem
        Result = VMManagementService.ModifyVirtualSystem(VM.Path_.Path, VMSystemGlobalSettingData.GetText_(1))

  • 17. Function of Each Script
  • 18. What Happens When the Host Joins a Domain? The Domain Admin group will have full permission to create and manage VMs on host servers. The Administrator Role Assignment is set to domain admin.
  • 19. What Happens When the Host Is Added to VMM? VMM creates a copy and stores it in ProgramData\Microsoft\Virtual Machine Manager\HyperVAuthStore.xml. By default: VMM Administrators are given full access to the VM/Hyper-V, including console access to the VM. VMM Delegated Administrators have no access to the VM or Hyper-V. End User Role members are given console access to the VM if their User Role has this privilege defined. This means that any privileges defined in the old AzMan file will be lost once VMM takes control of the host. When the Hyper-V host is removed from management, it reverts to InitialStore.xml.
  • 20. Auditing must be enabled in Authorization Manager.
  • 21. Auditing. On local hosts, use Local Security Policy | Audit Policy and enable object access. On a domain, enable it in the GPO under Computer Configuration, Windows Settings, Security Settings, Local Policies, Audit Policy, and then double-click Audit directory service access.
  • 22. Troubleshooting AzMan. Refer to Event Viewer. Open Windows Log | Security. Open Applications and Services Log | Microsoft | Windows: Hyper-V-VMMS and Hyper-V-Workers. More information: http://technet.microsoft.com/en-us/library/dd581761(WS.10).aspx
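
Because role assignments made in the old store are lost once VMM takes control of the host, and the deck advises backing up InitialStore.xml before modifying it, it helps to record who holds which role, host-wide and per scope, beforehand. The following is an added example, not one of the four scripts from the deck: it reads an AzMan XML store through the Authorization Manager COM interface without changing it. The script name ListAzManRoles.vbs and passing the store path as a command-line argument are assumptions.

```vbscript
' ListAzManRoles.vbs (hypothetical name): read-only dump of role assignments
' in an AzMan XML authorization store.
' Usage: cscript //nologo ListAzManRoles.vbs <full path to store .xml>
Option Explicit
Dim Store, App, Scope, StorePath

If WScript.Arguments.Count <> 1 Then
    WScript.Echo "Usage: cscript //nologo ListAzManRoles.vbs <full path to store .xml>"
    WScript.Quit 1
End If
StorePath = WScript.Arguments(0)

' Open the existing store (flags = 0); msxml:// selects the XML store provider
Set Store = CreateObject("AzRoles.AzAuthorizationStore")
Store.Initialize 0, "msxml://" & StorePath

' Walk every application in the store instead of assuming its name
For Each App In Store.Applications
    WScript.Echo "Application: " & App.Name
    ' Role assignments defined at application level apply to the whole host
    ShowRoles "  Host-wide role assignments", App.Roles
    ' Role assignments inside a scope apply only to VMs placed in that scope
    For Each Scope In App.Scopes
        ShowRoles "  Scope: " & Scope.Name, Scope.Roles
    Next
Next

' Print each role assignment with its members and the tasks,
' role definitions and operations linked to it
Sub ShowRoles(Label, Roles)
    Dim Role, Item
    WScript.Echo Label
    For Each Role In Roles
        WScript.Echo "    Role assignment: " & Role.Name
        For Each Item In Role.MembersName
            WScript.Echo "      Member: " & Item
        Next
        For Each Item In Role.Tasks
            WScript.Echo "      Task or role definition: " & Item
        Next
        For Each Item In Role.Operations
            WScript.Echo "      Operation: " & Item
        Next
    Next
End Sub
```

Redirect the output to a file and keep it with the store backup, so the assignments can be compared after the store is edited or after the host is removed from VMM.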