VMware Cloud Community
zenking
Hot Shot
Hot Shot
‎11-17-2011 06:21 AM
Jump to solution

End user local login to Windows guest?

I have a Win 2008 R2 guest in vsphere, and we have one user who needs to run a special statistical package (HLM). It won't run through a remote desktop connection. It will only run while logged in "locally" through the vsphere client. Is there something I can set up to let the end user  do that? If it's just a matter of setting up the vsphere client on her desktop, I need to configure it so she only sees that windows guest and not all of the other VMs.

My apologies, I'm sure this is documented, but we're in a time crunch so I hope to at least get pointed in the right direction. Thanks.

Tim

VMWare Environment: vSphere 7.0, EQ PS6210 SANs, Dell R730 Hosts, dedicated Dell switches w/ separate vlans for vmotion and iscsi.
Tags (3)
0 Kudos
1 Solution

Accepted Solutions
weinstein5
Immortal
Immortal
‎11-17-2011 06:28 AM
Jump to solution

Yes it is as simple as loading the vSphere client on here desktop - through the use of permissions you will be able to limit her access to only that single VM - 

If you find this or any other answer useful please consider awarding points by marking the answer correct or helpful

View solution in original post

0 Kudos
7 Replies
weinstein5
Immortal
Immortal
‎11-17-2011 06:28 AM
Jump to solution

Yes it is as simple as loading the vSphere client on here desktop - through the use of permissions you will be able to limit her access to only that single VM - 

If you find this or any other answer useful please consider awarding points by marking the answer correct or helpful
0 Kudos
zenking
Hot Shot
Hot Shot
‎11-17-2011 08:11 AM
Jump to solution

OK, thanks. I'm going to put my trial and error info here in case it's useful to others. If anyone sees any gotchas here or thinks there's a better tool for this, please let me know.

I set up a local user role (Local VM User) with (I thought) only the ability to interact with the guest console (It turned out that I had to edit the role again - more on that in a bit).

I assigned the server's local user group to that role. I associated the role to the single VM. I created a local test user in my vcenter server. That user account matches a local account I have on the terminal server vm. When I log into vcenter with that account, in the left window I see the datacenter object, but no hosts. On the right side, I see only the vm I've been assigned to. So far, so good.

I can right-click the vm and choose Open Console, and then I can log in locally. That's the ultimate goal, but there are a few things I can do as test user that I need to prevent -

-I can choose "Edit Settings". I'd like to make that dimmed out if I can.

If not -

- Most choices are dimmed out, but under the hardware tab, I can choose the network adapters and check/uncheck the Device Status boxes.

- Under Options, I can change boot options, cpu virtualization and swapfile location

Under the client view menu, I can navigate to Administration and see Users and Roles, so I'd like to prevent that if possible.

I went in as admin to reconfigure the role so that the only permission is Interaction with Console. Now the Edit Settings option is dimmed out.

VMWare Environment: vSphere 7.0, EQ PS6210 SANs, Dell R730 Hosts, dedicated Dell switches w/ separate vlans for vmotion and iscsi.
0 Kudos
zenking
Hot Shot
Hot Shot
‎11-17-2011 10:38 AM
Jump to solution

Errrrr ... Ok, my admin account appears to have the console only permission to this particular vm, probably because the admin account is in the users group. I can't remove the restricted role from the permissions tab, so I guess what I'm learning from this is that roles use the most restrictive rights. Is there an easy way out of this situation? Thanks.

Edit - I just realized that I think I set the vm to not let permissions propogate, so the rights set for the admin role at the datacenter level aren't flowing down. Any suggestions?

VMWare Environment: vSphere 7.0, EQ PS6210 SANs, Dell R730 Hosts, dedicated Dell switches w/ separate vlans for vmotion and iscsi.
0 Kudos
mwpreston
Hot Shot
Hot Shot
‎11-17-2011 12:52 PM
Jump to solution

No need to install the client...Just use the Virtual Machine Remote Console URL option.

Log into your vCenter's web services..

Find the VM you want to give access to and click on it.  Then on the left hand side click Generate Virtual Machine Shortcut.

This will give you a URL that will go directly to the VM's console

Give it a shot

zenking
Hot Shot
Hot Shot
‎11-17-2011 01:28 PM
Jump to solution

Thanks. I had to install the plug in and it's prompting to restart, but I haven't done that yet. Do you have any comments on user experience for the browser console vs the client console?

VMWare Environment: vSphere 7.0, EQ PS6210 SANs, Dell R730 Hosts, dedicated Dell switches w/ separate vlans for vmotion and iscsi.
0 Kudos
RParker
Immortal
Immortal
‎11-17-2011 01:46 PM
Jump to solution

You can also run programs even when they say they won't with the /admin parameter from a remote console.  This "pretends" to be on the console screen as if you were running at the desktop.  Might help so you don't need to give people VI console.

mstsc /v:servername /admin

Caveat is you must be running RDP 6.1 client version or later

0 Kudos
mwpreston
Hot Shot
Hot Shot
‎11-18-2011 05:15 AM
Jump to solution

No, I’ve never actually had a use for it…

Best just to try it out…☺

Mike Preston

Information and Technology Analyst

0 Kudos