Hi friend
it's about 6 months which i am struggling with this issue in hyper-v 2012 R2.
we have a domain network and for employees i have created domain user accounts & are member of "Domainemployees" group.
we have a 2012 R2 hyper-v Host (joined to domain) & have created VMs for each employee on it.
using vmconnect.exe, i have created a shortcut to their VMs & this shortcut is located in theirHome folder which is mapped in their my computer window as a network drive.
i have performed all required steps which is mentioned here Here (John Howard blog) & here part2
but unfortunately, unlike hyper-v 2008R2, there Authorization manager doesn't work & seems they are ignored in windows server 2012R2. so although i have assigned required access to"Domain employees" group,when they double click on their VM shortcut (vmconnect) to connect to their VM's window, that they encounter this error:
"You do not have the required permission to complete this task. Contact the administrator of the authorization policy for the computer"
so the only workaround is to add our users into"Hyper-v Administrators" group in hyper-v Host LSD.
the downside of this is that users can manipulate their VM settings & configurations which is definitely undesirable ( for example they can change memory, processor, add disks,....)
i have seen many people has this problem & has posed their scenario in forums.
any finally what's the solution?
note that for some reasons, we can't migrate to VMM or System centers & .... we want to handle scenario without deploying System centers & VMM.
if really there is no other solution, i will add them to "Hyper-V Administrators" group, but know is there any trick to deny them from changing VM settings (although they are member of this group?! )
i tried to add them in VM's xml configuration files security tab & assign them deny permission, but no effect & they are still able to change vm settings.
you won't believe that because of the above issue, we have downgraded our server to windows 2008 R2 (which authorization manager works), but we have lost lots of benefits of new features of hyper-v 2012 R2 ) :-(
special thanks to whom help me from hell !