A: You can use the Authorization Manager (AzMan) to define specific roles for VM administrators on a Hyper-V server, and to ensure that they have permissions only for their respective VMs.

Microsoft introduced AzMan in Windows Server 2003 to let developers and administrators easily add role-based access control (RBAC) rules to their applications. Unfortunately, few Windows administrators have used AzMan and know how to configure it. For an excellent description of how to set up AzMan for delegating permissions on a Hyper-V server, see this blog.

In this context, it's worth mentioning System Center Virtual Machine Manager (VMM), Microsoft’s enterprise management solution for virtualization servers and VMs. VMM reduces the complexity of configuring and managing AzMan authorization rules. More information about VMM is available on Microsoft's site.

Related Reading:
  • Securing Hyper-V
  • Q. Where can I read the Microsoft Hyper-V Security Guidelines?
  • Running SQL Server on Hyper-V
  • Windows Server 2008 Hyper-V