Virtual Server security settings

  • Article

Virtual Server security settings

This topic describes the security settings that Virtual Server 2005 allows you to configure on:

  • Virtual Machine Remote Control (VMRC) connections
  • Virtual Server configuration settings
  • Virtual machine and virtual network configuration settings
  • Resource files

VMRC connections

From the Administration Website, you can globally specify the type of authentication to use for VMRC connections for all virtual machines running on Virtual Server. You can also configure Secure Sockets Layer (SSL) security for VMRC connections. You can configure authentication as follows:

  • NTLM. With this authentication method, all Windows users with appropriate permissions can administer the virtual machine.
  • Kerberos. When selected and used in conjunction with an Active Directory domain controller, all users of Windows Server 2003, Windows XP, and Windows 2000 operating systems with appropriate permissions can administer the virtual machine.
  • Automatic. With this method, the VMRC client automatically negotiates the authentication protocol, either NTLM or Kerberos. This allows all Windows users with appropriate permissions to administer the virtual machine.

For more information, see Configuring Virtual Machine Remote Control. To enable SSL for the Administration Website itself, use Internet Information Services (IIS) Manager. For instructions, see the documentation for IIS.

Virtual Server configuration settings

From the Administration Website, you can control access to Virtual Server configuration settings, as described in Configuring Virtual Server security settings. You can add users, and change the permissions of users to grant or deny them the ability to perform specified actions. In addition, you can globally enable or disable scripting for Virtual Server or virtual machines. (Scripting is disabled by default.) For instructions, see Enable or disable scripting for Virtual Server or virtual machines.

Virtual machine and virtual network configuration settings

From within the file system, you can configure discretionary access control lists (DACLs) on virtual machine and virtual network configuration files. In this manner, you can control which users can view and modify configuration information for a given virtual machine or virtual network. For more information, see Configuring virtual machine security. For information about the default settings, see File system security settings for Virtual Server.

Resource files

From within the file system, you can configure discretionary access control lists (DACLs) on resource files, such as virtual hard disk (.vhd) files, virtual floppy disk (.vfd) files, and ISO image (.iso) files. In this manner, you can control who can make modifications to these files. In addition, users must have certain permissions on the files in order to access and use a virtual machine. In addition to these settings, to allow a user to log on to a virtual machine, you must add the user account to the guest operating system.

For more information about configuring file system security settings, see Configuring virtual machine security. For information about the default settings, see File system security settings for Virtual Server.