I have a domain controller that is a virtual machine, last week a user logged on to it and shut it down accidentally. I need to prevent this from happening so I would like to hide this VM in Hyper-V so that users can not see it there. I have already restricted RDP connections to it, but they can still connect locally in Hyper-V.
We have a script that we use to do this called SetScope.VBS that we found online and it usually works well, I used it for a different VM DC on a different physical server and it worked perfect, that VM no longer shows up for anyone but admins.
On this particular server and VM though, it gives me a 4096 error (in case anyone is familiar with this script: http://projectdream.org/wordpress/2008/07/03/delegating-hyper-v-virtual-machines/ )
There's really no help for this error online so I think I'm out of luck trying to use this script for this VM.
Any other ideas how I can prevent certain users from logging on locally to a Virtual Machine in Hyper-V?
Best Answer
I gathered from the comments to MDMarra's answer that some users need (need or want?) to be able to start and stop VMs. If users do have a valid case for having direct control over a server, such as when they are used for dev work, consider placing those VM's on the users' workstations. Use whatever virtualisation product you like for the job, such as Virtualbox, VMWare Player, Virtual PC, etc.
Your situation screams two fundamental problems: