I have a Win 2008 R2 guest in vsphere, and we have one user who needs to run a special statistical package (HLM). It won't run through a remote desktop connection. It will only run while logged in "locally" through the vsphere client. Is there something I can set up to let the end user do that? If it's just a matter of setting up the vsphere client on her desktop, I need to configure it so she only sees that windows guest and not all of the other VMs.
My apologies, I'm sure this is documented, but we're in a time crunch so I hope to at least get pointed in the right direction. Thanks.
Tim
Yes it is as simple as loading the vSphere client on here desktop - through the use of permissions you will be able to limit her access to only that single VM -
Yes it is as simple as loading the vSphere client on here desktop - through the use of permissions you will be able to limit her access to only that single VM -
OK, thanks. I'm going to put my trial and error info here in case it's useful to others. If anyone sees any gotchas here or thinks there's a better tool for this, please let me know.
I set up a local user role (Local VM User) with (I thought) only the ability to interact with the guest console (It turned out that I had to edit the role again - more on that in a bit).
I assigned the server's local user group to that role. I associated the role to the single VM. I created a local test user in my vcenter server. That user account matches a local account I have on the terminal server vm. When I log into vcenter with that account, in the left window I see the datacenter object, but no hosts. On the right side, I see only the vm I've been assigned to. So far, so good.
I can right-click the vm and choose Open Console, and then I can log in locally. That's the ultimate goal, but there are a few things I can do as test user that I need to prevent -
-I can choose "Edit Settings". I'd like to make that dimmed out if I can.
If not -
- Most choices are dimmed out, but under the hardware tab, I can choose the network adapters and check/uncheck the Device Status boxes.
- Under Options, I can change boot options, cpu virtualization and swapfile location
Under the client view menu, I can navigate to Administration and see Users and Roles, so I'd like to prevent that if possible.
I went in as admin to reconfigure the role so that the only permission is Interaction with Console. Now the Edit Settings option is dimmed out.
Errrrr ... Ok, my admin account appears to have the console only permission to this particular vm, probably because the admin account is in the users group. I can't remove the restricted role from the permissions tab, so I guess what I'm learning from this is that roles use the most restrictive rights. Is there an easy way out of this situation? Thanks.
Edit - I just realized that I think I set the vm to not let permissions propogate, so the rights set for the admin role at the datacenter level aren't flowing down. Any suggestions?
No need to install the client...Just use the Virtual Machine Remote Console URL option.
Log into your vCenter's web services..
Find the VM you want to give access to and click on it. Then on the left hand side click Generate Virtual Machine Shortcut.
This will give you a URL that will go directly to the VM's console
Give it a shot
Thanks. I had to install the plug in and it's prompting to restart, but I haven't done that yet. Do you have any comments on user experience for the browser console vs the client console?
You can also run programs even when they say they won't with the /admin parameter from a remote console. This "pretends" to be on the console screen as if you were running at the desktop. Might help so you don't need to give people VI console.
mstsc /v:servername /admin
Caveat is you must be running RDP 6.1 client version or later
No, I’ve never actually had a use for it…
Best just to try it out…☺
Mike Preston
Information and Technology Analyst