Upgrade your Internet Experience
Microsoft.com
Welcome Sign in
Windows Server TechCenter
Click to Rate and Give Feedback
TechNet
TechNet Library
Windows
Windows Server
Hyper-V
Installation
 Install and Configure Hyper-V Tools...

  Switch on low bandwidth view
Install and Configure Hyper-V Tools for Remote Administration

Applies To: Windows Server 2008

You can install the Hyper-V management tools on a full installation of Windows Server 2008 and on Windows Vista Service Pack 1 (SP1). This topic describes how to install and configure the tools.

noteNote
Membership in the local Administrators group, or equivalent, is the minimum required to complete this procedure.

Installing the management tools

Installing the tools consists of obtaining and applying the appropriate update to the operating system.

To install the management tools

  1. Obtain the appropriate update package for the operating system on which you want to install the tools. For more information, see Installing Hyper-V [Node].

  2. Install the update package using the method appropriate for the way you obtained the package:

    • If you obtained the update from Windows Update and the computer is not set up to install updates automatically, install the update manually.

    • If you obtained the update from the Microsoft Download Center, download the file to the computer and then double-click the .msu file.

  3. If you are installing the tools on Windows Vista SP1, no additional installation steps are required, so you can proceed to the configuration instructions. If you are installing the tools on Windows Server 2008, complete the remaining steps.

  4. Open Server Manager. (If Server Manager is not running, click Start, point to Administrative Tools, click Server Manager, and then, if prompted for permission to continue, click Continue.)

  5. In Server Manager, under Features Summary, click Add Features.

  6. On the Select Features page, expand Remote Server Administration Tools, and then expand Remote Administration Tools.

  7. Click Hyper-V Tools, and then proceed through the rest of the wizard.

Configuring the management tools

The configuration process consists of modifying various components that control access and communications between the server running Hyper-V and the computer on which you will run the Hyper-V management tools.

noteNote
No additional configuration is required if you are using the management tools on a computer running Windows Server 2008 and the same user account is a member of the Administrators group on both computers.

Configuring the server running Hyper-V

The following procedures describe how to configure the server running Hyper-V. When domain-level trust is not established, perform all the steps. When domain-level trust exists but the remote user is not a member of the Administrators group on the server running Hyper-V, you must modify the authorization policy, but you can skip the steps for modifying the Distributed COM Users group and the Windows Management Instrumentation (WMI) namespaces.

noteNote
The following procedures assume that you have installed the Hyper-V role on the server. For instructions about installing the Hyper-V role, see Install the Hyper-V Role on a Full Installation of Windows Server 2008 or Install the Hyper-V Role on a Server Core Installation of Windows Server 2008.

To configure the Hyper-V role for remote management on a full installation of Windows Server 2008

  1. Enable the firewall rules for Windows Management Instrumentation. From an elevated command prompt, type:

    netsh advfirewall firewall set rule group=“Windows Management Instrumentation (WMI)” new enable=yes

    The command has succeeded when it returns the following message: “Updated 4 rules(s). Ok.”

    noteNote
    To verify that the command succeeded, you can view the results in Windows Firewall with Advanced Security. Click Start, click Control Panel, switch to Classic View if you are not using that view, click Administrative Tools, and then click Windows Firewall with Advanced Security. Select inbound rules or outbound rules and then sort by the Group column. There should be three inbound rules and one outbound rule enabled for Windows Management Instrumentation.

  2. The next steps configure the authorization policy for the server running the Hyper-V role. If the user who requires remote access to the server running Hyper-V belongs to the Administrators group on both computers, then it is not necessary to configure the authorization policy.

    noteNote
    The instructions for configuring the authorization policy assume that the default authorization policy has not been modified, including the default location, and that the account you are configuring for remote access requires full administrative access to the Hyper-V role.

  3. Click Start, click Start Search and type azman.msc. If you are prompted to confirm the action, click Continue. The Authorization Manager Microsoft Management Console (MMC) snap-in opens.

  4. In the navigation pane, right-click Authorization Manager and click Open Authorization Store. Make sure that XML file is selected. Browse to the %system drive%\Program Data\Microsoft\Windows\Hyper-V folder, select InitialStore.xml, click Open and then click OK.

    noteNote
    The Program Data folder is a hidden folder by default. If the folder is not visible, type: <system_drive>\ProgramData\Microsoft\Windows\Hyper-V\initalstore.xml

  5. In the navigation pane, click Hyper-V services, and then click Role Assignments. Right-click Administrator, point to Assign Users and Groups, and then point to From Windows and Active Directory. In the Select Users, Computers, or Groups dialog box, type the domain name and user name of the user account, and then click OK.

  6. Close Authorization Manager.

  7. Next, you add the remote user to the Distributed COM Users group to provide access to the remote user. Click Start, point to Administrative tools, and click Computer Management. If User Account Control is enabled, click Continue. Component Services opens.

  8. Expand Local Users and Groups, and then click Groups. Right-click Distributed COM Users and click Add to Group.

  9. In the Distributed COM Users Properties dialog box, click Add.

  10. In the Select Users, Computers, or Groups dialog box, type the name of the user and click OK.

  11. Click OK again to close the Distributed COM Users Properties dialog box. Close Component Services.

  12. The remaining steps grant the required WMI permissions to the remote user for two namespaces: the CIMV2 namespace and the virtualization namespace. Click Start, click Administrative Tools, and then click Computer Management.

  13. In the navigation pane, click Services and Applications, right-click WMI Control, and then click Properties.

  14. Click the Security tab, click Root, and then click CIMV2. Below the namespace list, click Security.

  15. In the Security for ROOT\CIMV2 dialog box, check to see if the appropriate user is listed. If not, click Add. In the Select Users, Computers, or Groups dialog box, type the name of the user and click OK.

  16. On the Security tab, select the name of the user. Under Permissions for <user or group name>, click Advanced. On the Permissions tab, verify that the user you want is selected and then click Edit. In the Permission Entry for CIMV2 dialog box, modify three settings as follows:

    • For Apply to, select This namespace and subnamespaces.

    • In the Permissions list, in the Allow column, select the Remote Enable check box.

    • Below the Permissions list, select the Apply these permissions to objects and/or containers within this container only check box.

  17. Click OK in each dialog box until you return to the WMI Control Properties dialog box.

  18. Next, you repeat the process for the virtualization namespace. Scroll down if necessary until you can see the virtualization namespace. Click virtualization. Below the namespace list, click Security.

  19. In the Security for ROOT\virtualization dialog box, check to see if the appropriate user is listed. If not, click Add. In the Select Users, Computers, or Groups dialog box, type the name of the user and click OK.

  20. On the Security tab, select the name of the user. Under Permissions for <user or group name>, click Advanced. On the Permissions tab, verify that the user you want is selected and then click Edit. In the Permission Entry for virtualization dialog box, modify three settings as follows:

    • For Apply to, select This namespace and subnamespaces.

    • In the Permissions list, in the Allow column, select the Remote Enable check box.

    • Below the Permissions list, select the Apply these permissions to objects and/or containers within this container only check box.

  21. Click OK in each dialog box and then close Computer Management.

  22. Restart the server to apply the changes to the authorization policy.

To configure the Hyper-V role for remote management on a Server Core installation of Windows Server 2008

  1. Enable the firewall rules on the server for Windows Management Instrumentation. From an elevated command prompt, type:

    netsh advfirewall firewall set rule group=“Windows Management Instrumentation (WMI)” new enable=yes

    The command has succeeded when it returns the following message: “Updated 4 rules(s). Ok.”

  2. Next, you modify the Distributed COM permissions to provide access to the remote user. Type:

    net localgroup “Distributed COM Users” /add <domain_name>\<user_name>

    where <domain_name> is the domain that the user account belongs to and <user_name> is the user account you want to grant remote access to.

  3. Next, you connect remotely to the server running the Server Core installation so you can modify the authorization policy and the two WMI namespaces, using MMC snap-ins that are not available on the Server Core installation.

    Log on to the computer on which you will run the Hyper-V management tools, using a domain account that is a member of the Administrators group on the computer running a Server Core installation. (If you need to add this user, see the instructions in Install the Hyper-V Role on a Server Core Installation of Windows Server 2008.)

    noteNote
    The instructions for configuring the authorization policy assume that the default authorization policy has not been modified, including the default location, and that the account you are configuring for remote access requires full administrative access to the Hyper-V role.

  4. Click Start, click Start Search and type azman.msc. If you are prompted to confirm the action, click Continue. The Authorization Manager snap-in opens.

  5. In the navigation pane, right-click Authorization Manager and click Open Authorization Store. Make sure that XML file is selected and type:

    \\<remote_computer>\c$\ProgramData\Microsoft\Windows\Hyper-V\initalstore.xml

    where <remote_computer> is the name of the computer running the Server Core installation.

    Click Open and then click OK.

  6. In the navigation pane, click Hyper-V services, and then click Role Assignments. Right-click Administrator, point to Assign Users and Groups, and then point to From Windows and Active Directory. In the Select Users, Computers, or Groups dialog box, type the domain name and user name of the user account, and then click OK.

  7. Close Authorization Manager.

  8. The remaining steps grant the required WMI permissions to the remote user for two namespaces: the CIMV2 namespace and the virtualization namespace. Click Start, click Administrative Tools, and then click Computer Management.

  9. In the navigation pane, click Services and Applications, right-click WMI Control, and then click Properties.

  10. Click the Security tab. Click Root and then click CIMV2. Below the namespace list, click Security.

  11. In the Security for ROOT\CIMV2 dialog box, check to see if the appropriate user is listed. If not, click Add. In the Select Users, Computers, or Groups dialog box, type the name of the user and click OK.

  12. On the Security tab, select the name of the user. Under Permissions for <user or group name>, click Advanced. On the Permissions tab, verify that the user you want is selected and then click Edit. In the Permission Entry for CIMV2 dialog box, modify three settings as follows:

    • For Apply to, select This namespace and subnamespaces.

    • In the Permissions list, in the Allow column, select the Remote Enable check box.

    • Below the Permissions list, select the Apply these permissions to objects and/or containers within this container only check box.

  13. Click OK in each dialog box until you return to the WMI Control Properties dialog box.

  14. Next, you repeat the process for the virtualization namespace. Scroll down if necessary until you can see the virtualization namespace. Click virtualization. Below the namespace list, click Security.

  15. In the Security for ROOT\virtualization dialog box, check to see if the appropriate user is listed. If not, click Add. In the Select Users, Computers, or Groups dialog box, type the name of the user and click OK.

  16. On the Security tab, select the name of the user. Under Permissions for <user or group name>, click Advanced. On the Permissions tab, verify that the user you want is selected and then click Edit. In the Permission Entry for virtualization dialog box, modify three settings as follows:

    • For Apply to, select This namespace and subnamespaces.

    • In the Permissions list, in the Allow column, select the Remote Enable check box.

    • Below the Permissions list, select the Apply these permissions to objects and/or containers within this container only check box.

  17. Click OK in each dialog box and then close Computer Management.

  18. Restart the computer running a Server Core installation to apply the changes to the authorization policy.

Configuring Windows Vista SP1

The following procedure describes how to configure Windows Vista SP1 when domain-level trust is not established.

To configure Windows Vista SP1

  1. Log on to the computer running Windows Vista SP1.

  2. Enable the firewall rules for Windows Management Instrumentation. From an elevated command prompt, type:

    netsh advfirewall firewall set rule group=”Windows Management Instrumentation (WMI)” new enable=yes

    The command has succeeded when it returns the following message: “Updated 8 rules(s). Ok.”

    noteNote
    To verify that the command succeeded, you can view the results in Windows Firewall with Advanced Security. Click Start, click Control Panel, switch to Classic View if you are not using that view, click Administrative Tools, and then click Windows Firewall with Advanced Security. Select inbound rules or outbound rules and then sort by the Group column. There should be six inbound rules and two outbound rules enabled for Windows Management Instrumentation.

  3. Enable a firewall exception for the Microsoft Management Console. From an elevated command prompt, type:

    Netsh firewall add allowedprogram program=%windir%\system32\mmc.exe name="Microsoft Management Console"

  4. Start Hyper-V Manager to verify that you can connect remotely to the server. Click Start, click the Start Search box, type Hyper-V Manager and press ENTER. If you are prompted to confirm the action, click Continue. In Hyper-V Manager, under Actions, click Connect to Server. Type the name of the computer or browse to it, and click OK. If Hyper-V Manager can connect to the remote computer, the computer name will appear in the navigation pane and the results pane will list all the virtual machines configured on the server.

Tags What's this?: Add a tag
Community Content   What is Community Content?
Add new content RSS  Annotations
Wrong double quotes in commands      Beat Nideröst   |   Edit   |   Show History
Be careful when copy-pasting the commands from this page into your server core console: the double-quotes are not always standard syntax double-quotes, resulting in syntax errors when executing the commands. For example, executing:

netsh advfirewall firewall set rule group=”Windows Management Instrumentation (WMI)” new enable=yes

(copy-pasted from the text above) will give you an error message:

Group cannot be specified along with other identification conditions.

Deleting the double quotes and typing your own ones (" instead of ) solves the problem.
Hyper-V Console that runs on XP , Windows 2003...      rroy   |   Edit   |   Show History
If you are looking for Hyper-V Administration tools that run on XP or Windows 2003, check out http://www.utharam.com. They have a tool that does most of what the microsoft tool does and adds some new capabilities. Very handy if you want to open up Hyper-V management to a large group of people by be able to control what they can manage.
Tags What's this?: Add a tag
Flag as ContentBug
© 2009 Microsoft Corporation. All rights reserved. Terms of Use | Trademarks | Privacy Statement
Page view tracker