I'm looking to give a user view-only access to Hyper-V, meaning they should only be able to see the VMs but not make any changes. I've done some research and asked around but it seems like this might not be possible. Has anyone successfully figured out a way to achieve this?
5 Answers
As for connecting, if they only need to check specific VMs, you should look into enabling RDP or SSH for those VMs instead of providing full Hyper-V access. That could work better for you.
It seems you can't simply set this up through the regular GUI. You might need to explore creating a custom JEA endpoint using PowerShell. There's also the newer Windows Admin Center that offers a read-only capability which could be useful for what you're aiming for.
What do you envision 'view-only' access to mean in this context? Do you want them to interact with anything at all? If you’re aiming for zero user interaction, you might consider kiosk mode for the VMs, although that's a broader configuration than just Hyper-V.
Exactly, they just want to avoid messing with the VM settings.
First, you might want to clarify what exactly they need to view. If it's just status information, you could create an HTML report using PowerShell to share the data without giving full access. That way they wouldn't be able to change anything, just view the necessary info.
That sounds like a good idea! My boss just wanted one of the IT specialists to track the system's status.
Definitely! A simple PowerShell script could be a great solution to present the information they need.
Currently, there’s no built-in RBAC for Hyper-V, but there are hopes that the integration with Windows Admin Center's vMode will bring some improvements in the future.
The goal is to give them access to the entire Hyper-V setup so they can observe and learn how it operates.