Académique Documents
Professionnel Documents
Culture Documents
SCVMM
Managing user roles in SCVMM
Wizard
Page Action
General Type a User role name and Description, and then select Delegated Administrator in
the User Role Profile list.
Add Click Add and then type the names of the Active Directory users or groups you want
Members to add to this role.
Select Select the host groups and library servers that you want to enable members of the
Scope user role to manage.
Summary Review the user role settings. To change settings, click Previous. To create the User
Role, click Create.
Note
Use the View Script button to display the Windows PowerShell - Virtual
Machine Manager cmdlets that will perform the operation. All administrative
tasks in Virtual Machine Manager can be performed at the command line or
scripted.
Administrator Able to perform all actions in the VMM Administrator Console. Members of
this user role can create new Delegated Administrator and Self-Service user
roles. Only members of the Administrator user role can add additional
members.
Note
The Administrator user role is created when you install VMM. By default,
the user who performs the VMM installation is added to the
Administrator user role and all accounts in the local Administrators
security group are also automatically added.
Delegated Able to perform most actions in the VMM Administrator Console, but only
Administrator within the scope defined in the role. Members of this user role can create new
Delegated Administrator and Self-Service user roles but cannot modify VMM
settings.
Self-Service Able to use the VMM Self-Service Portal to perform tasks on their virtual
User machines as defined in the user role. Members of this user role cannot create
new user roles.
Important
In VMM 2008 R2, VMM preserves changes made to role definitions or role memberships in the
root scope of the Hyper-V authorization store. All changes to any other scope are overwritten
every half hour by the VMM user role refresher. This differs from user role processing in
VMM 2008. In VMM 2008, VMM determines access to virtual machines, hosts, and resources
based solely on the rights and permissions associated with VMM user roles. VMM 2008 does not
make any changes to Hyper-V role definitions and role memberships; it simply ignores the Hyper-
V authorization store while the hosts and virtual machines are under its management.
For more information about user roles and scopes, see Role-Based Security in VMM
(http://go.microsoft.com/fwlink/?LinkId=119337).
If a host has been removed from VMM after the last backup was created, it
will have a status of Needs Attention in Hosts view, and any virtual machines
on that host will have a status of Host Not Responding in Virtual Machines
view.
• Add back any hosts that were added since the last update. For more
information, see Adding Hosts.
b. In the VMM Administrator Console, in Virtual Machines view, remove any virtual
machines that were removed from VMM since the last backup was created. For more
Backing Up and Restoring the VMM Database / To back up the VMM database Page 4
Managing user roles in SCVMM
If a host is present but has a virtual machine that was removed since the last backup,
the virtual machine will have a status of Missing in Virtual Machines view.
If a host has been removed from VMM after the last backup was created, it
will have a status of Needs Attention in Hosts view and Access Denied in
Managed Computers, and any virtual machines on that host will have a
status of Host Not Responding in Virtual Machines view.
• Add back any hosts that were added since the last update. For more
information, see Adding Hosts.
c. In the VMM Administrator Console, in Virtual Machines view, remove any virtual
machines that were removed from VMM since the last backup was created. For more
information, see How to Remove a Virtual Machine
(http://go.microsoft.com/fwlink/?LinkID=121825).
If a host is present but has a virtual machine that was removed since the last backup,
the virtual machine will have a status of Missing in Virtual Machines view.
Backing Up and Restoring the VMM Database / To restore the VMM database on a different
computer Page 5
Managing user roles in SCVMM
Wizard
Page Action
General Type a User role name and Description, and then select Delegated Administrator in
the User Role Profile list.
Add Click Add and then type the names of the Active Directory users or groups you want
Members to add to this role.
Select Select the host groups and library servers that you want to enable members of the
Scope user role to manage.
Summary Review the user role settings. To change settings, click Previous. To create the User
Role, click Create.
Note
Use the View Script button to display the Windows PowerShell - Virtual
Machine Manager cmdlets that will perform the operation. All administrative
tasks in Virtual Machine Manager can be performed at the command line or
scripted.
Note
For more information about creating and managing self-service user roles, see Role-Based
Security in VMM (http://go.microsoft.com/fwlink/?LinkID=145061).
General Type a User role name and Description, then select Self Service User in the
Profile list.
Add Click Add and then type the names of the users or groups you want to add to this
Members role.
Select Scope Select the host groups on which users will deploy their virtual machines.
Virtual Select the actions that you want to allow the members of this group to perform
Machine on virtual machines. You can select All actions, or grant a set of actions by
Permissions selecting one or more of the following:
• Start
• Stop
• Pause and resume
• Checkpoint—Allows the user to create and remove checkpoints, and to
restore their virtual machines to a previous checkpoint. For more
information, see About Checkpoints
(http://go.microsoft.com/fwlink/?LinkID=162783).
• Remove—Allows the user to remove virtual machines, deleting the
configuration files.
• Local Administrator—Allows the user to set the local administrator
password when creating a virtual machine so that the user has
administrator rights and permissions on the virtual machine.
• Remote connection—Allows the user to remotely control the virtual
machine.
• Shut down
Virtual You can allow the members of the self-service user group to create virtual
Machine machines, assign virtual machine templates for the self-service users to use, and
Creation optionally set a virtual machine quota to limit the number of virtual machines the
Settings users can deploy at one time.
If you select Allow users to create new virtual machines, you must specify a
template that users will use to create their virtual machines. To add templates:
1. Click Add.
The Select a Template dialog box displays the templates that are
available in the Virtual Machine Manager library.
2. To add a template, select the template and click OK.
How to Create a Self-Service User Role / To create a self-service user role Page 7
Managing user roles in SCVMM
2. In Maximum quota points allowed for this user role, specify how many
quota points the users in this role will be allowed. This will allow each
user in this user role to create virtual machines until they have reached
this quota. To limit the user role as a group to the maximum quota
points, select the Share quota across user role members check box. This
will allow the group to create virtual machines until the group has
reached the quota, regardless of how many points each individual has
deployed.
Library You can grant members of the self-service user group access to a library share. If
Settings you allow the self-service users to store their virtual machines on a library share,
the stored virtual machines do not count against any virtual machine quota that
you set when allowing self-service users to create a virtual machine.
The virtual machines are stored on the path that you specify on an existing library
share. The self-service users do not know the physical location of their stored
virtual machines. For information about adding library servers and shares, see
Adding File-Based Resources to the Library
(http://go.microsoft.com/fwlink/?LinkId=162788).
If you select Allow users to store virtual machines in a library, you need to
specify where to store the virtual machines. Additionally, you can allow users to
attach ISO images to their virtual machines by selecting a Library path that
contains ISO images.
1. Select the library server and share from the Select the library server and
library share that will store users’ virtual machines and available ISOs
list.
2. To specify a path for the virtual machines on the selected library server,
click Browse by the Library path field, and then navigate to the folder
where you want to store the virtual machines. To allow users to attach
ISO images to their virtual machines, select the folder containing the ISO
images the users should have access to.
The Select Destination Folder dialog box shows only folders within
designated library shares. For information about adding shares to a
library server, see How to Add Library Shares
(http://go.microsoft.com/fwlink/?LinkId=162801).
Summary Review the User Role settings. To change settings, click Previous. To create the
User Role, click Create.
Note
Use the View Script button to display the Windows PowerShell - Virtual
Machine Manager cmdlets that will perform the operation. All
administrative tasks in Virtual Machine Manager can be performed at the
command line or scripted.
How to Create a Self-Service User Role / To create a self-service user role Page 8
Managing user roles in SCVMM
1. From the User Roles view in the VMM Administrator Console, select the user role you want
to remove.
Note