After adding a user or group to the Hyper-V Administrators local group on a host, you are still unable to connect to the host with Windows 10 Hyper-V Manager.
The error is as follows:
"You do not have the required permission to complete this task. Contact the Administrator of the authorization policy for the computer 'SERVERNAME'."
This is due to a change in the way Hyper-V manager connects to the server in Windows 10 / Server 2016.
To re-enable the functionality, the user or group needs to be added to the "WinRMRemoteWMIUsers__" and "Hyper-V Administrators" groups. It also needs to be given the "Enable Account" and "Remote Enable" permissions to the root\interop WMI namespace.
To do this in the GUI, open Computer Management and add the user or group to the "WinRMRemoteWMIUsers__" group. On 2016 this group doesn't exist, I added the user/group to the "Remote Management Users" group on my 2016 hosts.
Also, open "Services and Applications -> WMI Control" properties. Click the security tab, open Root\interop and click the Security button. Add your user or group and check Remote Enable.
To do this with PowerShell, execute the following script (needs to be done with Administrator privileges)
For Windows Server 2016 Hyper-V Servers you will need to change the group "WinRMRemoteWMIUsers__" to "Remote Management Users" in the above script.
For more information on the permissions code please see the below post, I have used only the specific lines required for enabling the specific permissions I require. The following post has a more generic script for WMI permissions:
http://vniklas.djungeln.se/2012/08/22/set-up-non-admin-account-to-access-wmi-and-performance-data-remotely-with-powershell/
Can this script be modified to support workgroup hypver-v server?
ReplyDeleteExcellent!!! thank you very much.
ReplyDeleteIm going to try
ReplyDelete