Windows, security, etc.

Blog about windows, security, ethical hacking etc.

Administration delegation in Hyper-V

There are two ways to delegate administration of a Hyper-V server. If you are using SCVMM, use SCVMM to do it. If not, AzMan (Authorization Manager) is your best friend.

How to run AzMan? Type AzMan.msc in the Run box.

After you start AzMan, you will have to open a store for the delegation configuration. Every server with the Hyper-V role installed has an XML file called InitialStore.xml, located in %ProgramData%\Microsoft\Windows\Hyper-V. So, when you run AzMan for the first time, you will have to choose this file.

How? 

  1. Open AzMan (Start/Run/azman.msc)
  2. Right-click Authorization Manager in the left tree of your MMC console and choose Open Authorization Store. Click OK.
Authorization Manager

AzMan UI is simple to use.

There are 34 operations you can grant your users access to, for instance Allow Virtual Machine Snapshot, Connect Virtual Switch Port, Reconfigure Service, etc. Play around if you want to assign specific tasks to your users or give them full admin access to Hyper-V services.
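To review what has actually been delegated, the same store can be read from PowerShell through the AzRoles COM interface. The script below is an added example, not part of the original post; it assumes the default store location and that the application inside the store is named "Hyper-V services".

```powershell
# Added example: read-only audit of Hyper-V AzMan delegation. Submit() is never called, so nothing is saved.
# Assumptions: default store location and the application name "Hyper-V services".
$storePath = Join-Path $env:ProgramData 'Microsoft\Windows\Hyper-V\InitialStore.xml'
$store = New-Object -ComObject AzRoles.AzAuthorizationStore
$store.Initialize(0, "msxml://$storePath")
$app = $store.OpenApplication('Hyper-V services')

function Get-List($value) { @($value | Where-Object { $_ }) }   # drop $null from empty COM arrays

function Get-TaskOperation($container, [string]$taskName) {
    # Role definitions are tasks, and tasks can nest: expand them recursively.
    try   { $task = $container.OpenTask($taskName) }
    catch { $task = $app.OpenTask($taskName) }      # scope role that uses an application-level task
    Get-List $task.Operations
    foreach ($child in (Get-List $task.Tasks)) { Get-TaskOperation $container $child }
}

function Get-RoleReport($container, [string]$scopeName) {
    foreach ($role in $container.Roles) {
        $ops = @(Get-List $role.Operations)
        foreach ($t in (Get-List $role.Tasks)) { $ops += @(Get-TaskOperation $container $t) }
        $ops = @($ops | Sort-Object -Unique)
        New-Object PSObject -Property @{
            Scope = $scopeName; Role = $role.Name
            Members = (Get-List $role.MembersName) -join '; '
            OperationCount = $ops.Count; Operations = $ops -join ', '
        }
    }
}

$total  = $app.Operations.Count
$report = @(Get-RoleReport $app '(application)')
foreach ($scope in $app.Scopes) { $report += @(Get-RoleReport $scope $scope.Name) }

$report | Format-Table Scope, Role, Members, OperationCount -AutoSize
# Roles holding every operation are full Hyper-V administrators: review their members first.
$report | Where-Object { $_.OperationCount -eq $total } | Format-List Scope, Role, Members
```

Run it elevated on the Hyper-V host; comparing the output over time shows when a role gained members or operations.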

How big is Hyper-V hypervisor?

Hyper-V is Microsoft's virtualization technology, and it uses a microkernelized hypervisor. Let’s explain those words:

  1. Micro – it’s small.
  2. Kernelized – it runs in the kernel. Actually, it runs below the kernel. When Windows boots on a machine with Hyper-V installed, winload.exe loads the driver hvboot.sys. Its purpose is to check whether the machine supports hardware virtualization. If so, the hypervisor image file is loaded (hvix.exe on Intel and hvax.exe on AMD hardware).
  3. Hypervisor – software, hardware or a combination of both that allows multiple operating systems to run on a single host computer.

So, how big is the microkernel of the Hyper-V hypervisor?

Hypervisor v2 build 6.1.7600.16385 is:

  • 651776 bytes (hvax64.exe – AMD), and
  • 706650 bytes (hvix64.exe – Intel)
Microsoft Hypervisor 2.0

Windows support

I have heard that some people have had problems after installing new updates on XP machines. The problems are different, so I will not try to explain how to fix them. I will remind you how to ask for help :-) . Of course you could always use your favorite search engine to find a solution, but if the problem arose after applying some new update, you will probably find nothing. So, the best thing to do is to ask for help.

Start a free Windows Update support incident request and ask for help:
https://support.microsoft.com/oas/default.aspx?gprid=6527
https://consumersecuritysupport.microsoft.com/
http://support.microsoft.com/ph/6527#tab3

Hope this will help you next time you find yourself in a helpless situation.

Vulnerability in TLS/SSL Could Allow Spoofing

A few months after the initial public demonstration of the SSL renegotiation vulnerability, there was no widely used exploit/attack. Unfortunately, it is (was) only a matter of time before something like this happens. Reading Microsoft security advisory 977377, one can speculate that this will happen soon. Since this is not only a Microsoft “problem” (SSL and TLS are used in other operating systems), other companies are working to find a solution too.
Microsoft has offered a workaround (disabling SSL/TLS renegotiation) for IIS servers. If you are interested, please read KB article 977377. Be aware that after you apply this workaround some applications will not work as expected (more on this in the KB article).

How to use wireless adapter with Windows Server 2008 R2 Hyper-V

If you want wireless to be enabled in Windows Server 2008 R2, you have to add the feature called Wireless LAN Service.
Please follow this link to learn how.

If you are like me, a trainer who needs a Hyper-V server to show all that new stuff to students, wants Internet access from within the virtual machines, and spends most of the time in classrooms or conference rooms with only wireless access, you will probably be disappointed to learn that Hyper-V does not support wireless network adapters. That might be a problem, but, believe me, it’s not a problem :-).
Don’t try to do this on your production Hyper-V servers!

The easiest way to let virtual machines running on Windows Server 2008 R2 with the Hyper-V role installed surf the Internet through a wireless adapter is to create a bridge between the wireless and LAN connections.

Here is how to do it:   

  1. Create an External network connected to your real network adapter in Hyper-V Virtual Network Manager (if you don’t have one already). As you can see in this picture, I have a Broadcom NetLink (TM) Gigabit Ethernet adapter.
    Hyper-V Virtual Network Manager

  2. Now you have one additional network adapter in your Network Connections.

    Network Connections

  3. Create a Network Bridge using the Hyper-V network adapter created in step 1 and the wireless adapter. (How? Select both network connections, right-click the selection and choose the Bridge Connections option in the popup menu.)

    Bridge

  4. Now you have one more connection in your Network Connections window.

    Network Connections Bridge

  5. In Hyper-V Virtual Network Manager you will see a new external network adapter, called MAC Bridge Miniport, that you could use to create Hyper-V network adapters. You don’t need it!

    Hyper-V virtual network manager with bridged connection

  6. In the network settings of your virtual machine, choose the network you created in step 1.

Don’t forget to connect to the wireless network ;-) . Here’s what it looks like:

Hyper-V virtual machine surfing wireless

Install Windows Server 2008 R2 to USB stick

Microsoft released a document on TechNet a few months ago, explaining how to install Windows Hyper-V Server 2008 R2 to a USB stick. This configuration is supported only for OEMs and only if the USB stick is permanently installed. If you want to know how to do it, please visit: http://technet.microsoft.com/en-us/library/ee731893(WS.10).aspx. There is also a tool to automate the process. You can find it on MSDN: http://code.msdn.microsoft.com/BootHVSR2FromUSB.

The question I usually hear from my students is: “Is it possible to install Windows Server 2008 R2 this way?” The answer to this question is: “Yes, it is.” But you have to know that this is not supported or advised by Microsoft.
The process is exactly the same as with Windows Hyper-V Server 2008 R2, so please follow the instructions on the Microsoft TechNet site. You will, however, need to make some additional modifications (if you want to avoid a blue screen).

  1. When you create the fixed-size VHD file, make it at least 10GB in size! 12GB is highly recommended (if you want to have enough space for updates etc.)
  2. The USB stick should be at least 16 GB in size - the minimum system requirement for Foundation server is 10 GB, and for Standard it is 32GB. I installed Windows Server 2008 R2 Standard edition to a 12GB VHD file with no problems.
  3. If you are using the automated tool found here, it will probably hang at the end. In that case, manually repeat steps 5 and 6 found in the TechNet document.
  4. Before step 7, please do the following:
  • Open Registry Editor, select HKLM, click File/Load Hive, navigate to R:\windows\system32\config (R: being the drive where you mounted the VHD from the USB stick), and open SYSTEM. Give it a name, such as Hyper-V.
  • Open the Hyper-V subkey (or whatever name you entered in the previous dialog box) under HKLM, then open ControlSet001/Control. Edit the BootDriverFlags value and enter 4.

    BootDriverFlags

  • Open the Hyper-V subkey (or whatever name you entered in the previous dialog box) under HKLM, then open ControlSet001/Control/PnP. Edit PollBootPartitionTimeout and enter 30000 (Decimal).

    PollBootPartitionTimeout

  • Now you are ready to dismount the VHD (step 7 in the original documentation) and boot your newly created sysprepped installation of Windows Server 2008 R2.
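The two offline registry edits above can also be scripted with reg.exe from an elevated PowerShell prompt. This is an added example, not taken from the TechNet document or the original post; it assumes the VHD is mounted as R:, the temporary hive name Hyper-V, and that both values are REG_DWORD.

```powershell
# Added example: scripted form of the two registry edits (run elevated, with the VHD mounted).
# Assumptions: VHD mounted as R:, temporary hive name "Hyper-V", both values are REG_DWORD.
$hive   = 'HKLM\Hyper-V'
$system = 'R:\Windows\System32\config\SYSTEM'
$edits  = @(
    @{ Key = "$hive\ControlSet001\Control";     Name = 'BootDriverFlags';          Data = 4 },
    @{ Key = "$hive\ControlSet001\Control\PnP"; Name = 'PollBootPartitionTimeout'; Data = 30000 }
)

if (-not (Test-Path $system)) { throw "Offline SYSTEM hive not found at $system" }

reg.exe load $hive $system | Out-Null
if ($LASTEXITCODE -ne 0) { throw "reg load failed ($LASTEXITCODE)" }
try {
    foreach ($e in $edits) {
        reg.exe add $e.Key /v $e.Name /t REG_DWORD /d $e.Data /f | Out-Null
        if ($LASTEXITCODE -ne 0) { throw "Failed to set $($e.Name)" }
        reg.exe query $e.Key /v $e.Name     # show the value that was written
    }
}
finally {
    # Always unload: a loaded hive keeps the SYSTEM file open and blocks dismounting the VHD.
    reg.exe unload $hive | Out-Null
    if ($LASTEXITCODE -ne 0) { Write-Warning "reg unload failed; close Registry Editor and retry" }
}
```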

Be aware that you have to boot from the USB stick (change it in your BIOS or press F9, or F8, or whatever shortcut is used on your computer to pop up the boot devices screen).
Also be aware that some steps could take a looooooot of time (it took about 3 hours to finish the sysprep process on my machine with Hyper-V Server, and just around 40 minutes with Windows Server 2008 R2).
After this slow process Windows Server will work like a baby – it boots in 35 seconds on an HP Compaq 6710b from a Flash Voyager GT Corsair 16GB USB stick.

When I answered this question for my students, the second question was: “Is it possible to do this with Windows 7?”
The answer is: “Please try and let me know ;-) ”
The process is the same, and it works with Windows 7 too.