DevAdmin Blog

Blog of Ermanno Goletto (Microsoft MVP Directory Services - MCSE - MCSA - MCITP - MCTS)

Virtual Server 2005 R2 Security

To start a virtual machine automatically, you must specify the account under which the virtual machine will run. This account must have sufficient privileges to start the machine; on this point see Modifying general virtual machine properties, which states:

The minimum permissions required for this account are as follows:

  • On the .vmc file: Read Data, Write Data and Execute File
  • On the .vhd file: Read Data, Read Attributes, Read Extended Attributes, and Write Data
  • On the .vnc file if a virtual machine is connected to a virtual network: Execute File, Read Data, Read Attributes and Read Permissions
  • On the folder containing the .vmc file, for a virtual machine to have the ability to save state: List Folder and Write/Create File

These permissions can be assigned by configuring the Virtual Server Security Settings as described in Configuring Virtual Server security settings, so that the permissions on the virtual machine and on the virtual network are set correctly as described in Configuring virtual machine security.
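One way to check that a run-as account's NTFS ACEs cover the minimum rights quoted above (an added example, not from the original post or from Microsoft's documentation). The account name and file paths are placeholders, and only Allow ACEs that name the account directly are evaluated, so rights obtained through group membership and the effect of Deny ACEs are not considered.

```powershell
# Added example: audit the NTFS rights of a Virtual Server run-as account
# against the minimum permissions quoted above. Read-only: it changes nothing.
$Minimum = @{
    Vmc    = 'ReadData, WriteData, ExecuteFile'
    Vhd    = 'ReadData, ReadAttributes, ReadExtendedAttributes, WriteData'
    Vnc    = 'ExecuteFile, ReadData, ReadAttributes, ReadPermissions'
    Folder = 'ListDirectory, CreateFiles'   # List Folder and Write/Create File
}

function Test-MinimumRights {
    param(
        [string]$Path,
        [string]$Account,
        [System.Security.AccessControl.FileSystemRights]$Required
    )
    $inheritOnly = [System.Security.AccessControl.PropagationFlags]::InheritOnly
    [int]$granted = 0
    foreach ($ace in (Get-Acl -LiteralPath $Path).Access) {
        # Skip Deny ACEs, other identities, and ACEs that only apply to children.
        if ($ace.AccessControlType -ne 'Allow') { continue }
        if ($ace.IdentityReference.Value -ne $Account) { continue }
        if ($ace.PropagationFlags.HasFlag($inheritOnly)) { continue }
        $granted = $granted -bor [int]$ace.FileSystemRights
    }
    $missing = [int]$Required -band (-bnot $granted)
    $extra   = $granted -band (-bnot [int]$Required)
    [pscustomobject]@{
        Path    = $Path
        Ok      = ($missing -eq 0)
        # A value of 0 means nothing is missing / nothing beyond the minimum.
        Missing = [System.Security.AccessControl.FileSystemRights]$missing
        Extra   = [System.Security.AccessControl.FileSystemRights]$extra
    }
}

# Placeholder account and paths: replace with the real run-as account and files.
$account = 'CONTOSO\svc-vmrun'
$targets = @(
    @{ Path = 'D:\VMs\Example\Example.vmc';  Required = $Minimum.Vmc }
    @{ Path = 'D:\VMs\Example\Example.vhd';  Required = $Minimum.Vhd }
    @{ Path = 'D:\VMs\Networks\Example.vnc'; Required = $Minimum.Vnc }
    @{ Path = 'D:\VMs\Example';              Required = $Minimum.Folder }
)
foreach ($t in $targets) { Test-MinimumRights @t -Account $account }
```

The Extra column lists rights granted beyond the documented minimum, which is where to look when tightening the account toward least privilege.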

The following shows how file system permissions map to permissions on the virtual machine:

  • List Folder/Read Data: View configuration information for this virtual machine. View the VMRC display for this virtual machine.
  • Create Files/Write Data: Modify the configuration of this virtual machine.
  • Traverse Folder/Execute File: Manage the state of this virtual machine. Manage this virtual machine by using VMRC.
  • Delete: Delete this configuration file.
  • Read Permissions: Read permissions on the virtual machine configuration file.
  • Change Permissions: Change permissions on the virtual machine configuration file.

The following shows how file system permissions map to permissions on the virtual network:

  • List Folder/Read Data: View configuration information for this virtual network.
  • Read Attributes: View configuration information for this virtual network.
  • Create Files/Write Data: Modify the configuration of this virtual network.
  • Traverse Folder/Execute File: Connect to this virtual network.
  • Delete: Delete the virtual network configuration file.
  • Read: Read the virtual network configuration file.
  • Change: Change the virtual network configuration file.

Note in particular that without the appropriate permissions (Traverse Folder/Execute File) it is not possible to connect to the virtual network.

For more detail on how the configuration settings of Virtual Server 2005, virtual machines, virtual networks and virtual hard disks are controlled by the discretionary access control lists (DACLs) on the Virtual Server directories and files, see File system security settings for Virtual Server.

Posted on Wednesday, July 30, 2008 9:23 PM | Filed Under [ Tips Security IT ]