Are you having issues with Hyper-V VMs and experiencing similar issues as explained here? The solution to these issues is to fix the permissions of the Hyper-V, but do you know exactly what permissions are needed or what's missing? Stop thinking!
Use the script attached to this post or as shown below. How does it work?
The script is used as a drop-target. A what? A drop-target! Select all the corresponding Hyper-V VM folders and files and drop it on the icon of the script. At that point the script will figure out the correct permissions that are needed to use the VM in Hyper-V.
Let's talk credits. Credits should go to me for posting this stuff while being watched! J
Credits for the script go to a person that:
- Is British
- Used to be an MVP for Directory Services
- Loves scripting, especially "batch" (he wanted to create a spell checker in batch)
- Now loves PowerShell
- Would like to sell that to the world as "PoSH"
- Now walks the grounds of the "Dark Side" managing DS Stuff
- Appeared in some cool video a few months back wearing weird stuff
I think you now know who he is. If you don't you'll figure it out some way! J Trust me!
------------------------------------------
:: fix HyperV ACLs.CMD / Dean Wells (DeanWe), Microsoft / October 2008
:: Script adds a suitable ACE (NT Virtual Machines\Virtual Machines or VM-specific) to any number of files supplied as arguments
:: (drag and drop works best) permitting them to be used by the Windows HyperVisor without rendering permissions errors. Special
:: case logic is included to handle symlinks and the permissioning differences required between VHDs and XML configuration files.
@echo off
set issuingAUTHORITY=NT Virtual Machine
set groupPRINCIPAL=Virtual Machines
set EXITcommand=pause
set FAILED=0
set FAILEDfile="%TEMP%\%~n0.$$$"
del %FAILEDfile% 1>nul 2>&1
title Hyper-V ACL fixerupper ...
if "%~1"=="" (
echo/
echo #ERROR - nothing to do!
goto :END
)
echo/
:LOOP
:: Restore default environment for each iteration
set icaclsSUFFIX=
set SECURITYprincipal=%groupPRINCIPAL%
set shortSECURITYprincipal=Group ACE
set PERMISSION=RW
set FILEtype=%~x1
:: Assume the absence of an extension indicates a folder [it's not pretty but it'll do in this context]
if "%FILEtype%"=="" (
set FILEtype=folder
set icaclsSUFFIX=/t
)
:: Determine file type [VHDs require "RW" while the XML configuration files and their symlinks require "F"]
:: For VHDs, we assume many VMs _may_ require access to the file so we add the "NT Virtual Machine\Virtual Machines" ACE
:: For XML configuration files and their symlinks, we treat those as private and add the VM-specific ACE
echo "%~a1" | find /i "l" 1>nul 2>&1
if not errorlevel 1 (
set icaclsSUFFIX=/l
set FILEtype=symlink
set SECURITYprincipal=%~n1
set shortSECURITYprincipal=VM ACE
set PERMISSION=F
) else (
if /i "%FILEtype%"==".xml" (
set PERMISSION=F
set SECURITYprincipal=%~n1
set shortSECURITYprincipal=VM ACE
)
)
set HYPERVfile=%~n1 [%FILEtype% / %shortSECURITYprincipal%:%PERMISSION%] ..............................................
set HYPERVfile=%HYPERVfile:~0,67%
set /p=+ %HYPERVfile% <nul
icacls "%~1" /grant "%issuingAUTHORITY%\%securityPRINCIPAL%":%PERMISSION% %icaclsSUFFIX% 1>nul 2>&1
if errorlevel 1 (
icacls "%~1" /grant "%issuingAUTHORITY%\%groupPRINCIPAL%":%PERMISSION% %icaclsSUFFIX% 1>nul 2>&1
if errorlevel 1 (
set FAILED=1
echo #FAILED!
echo %~n1 [%FILEtype% / %shortSECURITYprincipal%:%PERMISSION%] >>%FAILEDfile%
) else (
echo SUCCESS!
)
) else (
echo SUCCESS!
)
shift
if not "%~1"=="" goto :LOOP
echo/
if not "%FAILED%"=="1" (
color 2E
echo The command completed successfully.
set EXITcommand=ping -n 6 localhost
) else (
color 4E
echo #ERROR - the following Hyper-V file
was/were not permissioned correctly:
echo/
type %FAILEDfile%
)
:END
%EXITcommand% 1>nul 2>&1
------------------------------------------
Cheers,
Jorge
--------------------------------------------------------------------------------------------------
* This posting is provided "AS IS" with no warranties and confers no rights!
* Always test before implementing!
--------------------------------------------------------------------------------------------------
############### Jorge's Quest For Knowledge ###############
######## http://blogs.dirteam.com/blogs/jorge/default.aspx #########
--------------------------------------------------------------------------------------------------