Thursday, October 13, 2011

Windows Authorization Manager in Hyper-V

In the computer security world, they are few types of access that been develop to secure the system. The type was as below:

Discretionary access control which is define by Trusted Computer System Evaluation Criteria it is a mean of allow access to object by identity

Mandatory access control which it is mean of access to object it is base on the sensitively or mostly we called label. I see this is implemented in the linux which we call selinux. As I do research windows does have the similar function which we called Mandatory Integrity which have been implemented into windows application such as Internet Explorer.

Role base access control is by all mean restrict system access to authorized users, which mean if he only do print job, he just can take care those. 

Windows authorization manager or in short we called as AZMAN was first introduce in windows 2003 and later on it have been improved in the later version of Windows 2008.

In Hyper-V Security azman have been divided into 3 areas which is :

1)services operation
2)networking operation 
3)virtual machine operation.

To get a started, on the hyper-v host type azman.msc, if you notice you will get a empty screen.

The next step, you need to right click the authorization manager and it will bring you to the screen as below.

On the screen below, you will see that you will have 3 options, but on this article I will show you the xml format. The location of the xml is at c:\programdata\microsoft\windows\hyper-v\initialstore.xml.

Once you press ok, you will see the authorization manager screen as below.

I will cover more examples on how to create a delegation base to the individual for usage. Another risk that I see on the xml, if someone can login at the sametime he or she can alter the files and might be causing some problems. So please do make sure backup and securing remote desktop and files services is in place.

No comments:

Post a Comment