Book Image

Hyper-V Security

By : Eric Siron, Andy Syrewicze
Book Image

Hyper-V Security

By: Eric Siron, Andy Syrewicze

Overview of this book

Hyper-V Security is intended for administrators with a solid working knowledge of Hyper-V Server, Windows Server, and Active Directory. An administrator with a functional environment will be able to use the knowledge and examples present in this book to enhance security.
Table of Contents (10 chapters)
9
Index

Configuring NTFS security for VM storage


Every major component of a virtual machine is stored in a file. Like any file, access must be carefully controlled. If an attacker is able to retrieve a copy of a VM's VHDX file, then it can be easily mounted and its contents can be exploited.

Fortunately, NTFS security for Hyper-V is fairly complete right out of the box. This section is less about what to do and more about what not to do.

Every Hyper-V host has a default location for virtual machine configuration files and a default location for virtual machine hard drive files. Most administrators change these right away for a variety of reasons. This is where we get into our first "don't": don't place virtual machine files directly on the root of an NTFS volume. For one thing, Windows really doesn't want to grant access to files there. For another, modifying security on the volume's root can have serious side effects. Instead, use a subfolder.

Note

Cluster Shared Volumes are attached under the C:\ClusterStorage...