Book Image

Hyper-V Security

By : Eric Siron, Andrew Syrewicze
Book Image

Hyper-V Security

By: Eric Siron, Andrew Syrewicze

Overview of this book

Table of Contents (15 chapters)
Hyper-V Security
About the Authors
About the Reviewers

Disabling unnecessary components

A general rule in hardening any system is to turn off any system components that lack an identified, definite need. A good place to start narrowing this list to Hyper-V is with the list of roles that Microsoft doesn't support when Hyper-V is enabled. At this time, Microsoft has not published any official statement, but Hyper-V MVP Alessandro Cardoso has written an article on his blog that lists what roles are supported, viewable at These items are:

  • File and Storage Services

  • Failover Clustering components

  • Multipath I/O

  • Remote Desktop Services

Although not specifically mentioned, management tools for all the preceding components as well as for Hyper-V are also allowed.


If other roles or features are desired, install them in a virtual machine.

The simplest approach is to not enable any features or roles after installing the management operating system, except Hyper-V and entries...