which group should you add User1?

Your network contains an Active Directory domain named contoso.com. The domain contains a
server named Server1 that runs Windows Server 2012 R2. Server1 contains a virtual machine named
VM1 that runs Windows Server 2012 R2.
You need to ensure that a user named User1 can install Windows features on VM1. The solution
must minimize the number of permissions assigned to User1.
To which group should you add User1?

Your network contains an Active Directory domain named contoso.com. The domain contains a
server named Server1 that runs Windows Server 2012 R2. Server1 contains a virtual machine named
VM1 that runs Windows Server 2012 R2.
You need to ensure that a user named User1 can install Windows features on VM1. The solution
must minimize the number of permissions assigned to User1.
To which group should you add User1?

A.
Server Operators on Server1

B.
Power Users on VM1

C.
Administrators on VM1

D.
Hyper-V Administrators on Server1

Explanation:
* The Hyper-V role enables you to create and manage a virtualized computing environment by using
virtualization technology that is built in to Windows Server 2012. Hyper-V virtualizes hardware to
provide an environment in which you can run multiple operating systems at the same time on one
physical computer, by running each operating system in its own virtual machine.
* Simplified authorization
The Hyper-V Administrators group is introduced in Windows Server 2012 and is implemented as a
local security group.
What value does this change add?
This group can reduce the number of users that belong to the local Administrators group while
providing users with access to Hyper-V.
What works differently?
The Hyper-V Administrators group is a new local security group. Add users to this group instead of
the local Administrators group to provide them with access to Hyper-V. Members of the Hyper-V
Administrators have complete and unrestricted access to all features of Hyper-V.
Reference: What’s New in Hyper-V for Windows Server 2012



Leave a Reply 9

Your email address will not be published. Required fields are marked *


CANUSA

CANUSA

wouldn’t this be “C” since the features are being installed on the VM and not on the host?

Tester

Tester

Answer i C. Hyper-V Administrators is a local group on the Hyper-V hosts it self. The purpose of the group is to minimize members of the local administrators group on the Hyper-V host.
If you need to install features inside a VM you must be member of a group on the VM/ or via domain

Hugh Jorgan

Hugh Jorgan

Tricky. If the question was worded as “modify features on VM1” (the VM feature settings) it would be D. But it doesn’t say that, it says “install features…” so it has to be C.

Geezer32

Geezer32

Answer is C.

The purpose of the Hyper-V admins group is to minimize members of the local administrators group on the Hyper-V host. This group provides access to Hyper-V functions, it does not infer any permissions to the guest VM OS

If you need to install Windows features inside a VM you must be member of administrators on the VM locally or via domain admin rights.

Progenitor

Progenitor

Yep, to install features on the guest OS you need to be local admin or a domain user that is member of local admins group within the guest OS (like domain admins, that are automatically added to local admins as the guest OS joins a domain). The mentioned Hyper-V Administrator group is not inherited into the VM.

Therfor Hyper-V Admins have to be the most trustworthy persons in the company. They easily can steal the entire vhdx files without the need of having access to the guest OS itself. But with Server 2016 the new Shielded VMs will address this issue 😉

NerfHerder

NerfHerder

Though it is possible for a member of the new local Hyper-V Administrators group to locally logon to the Hyper-V and access all of the VHD and Hyper-V functions, this group still lacks the required permissions to install features – even into a VHD of an offline VM.