Authenticating Users and Running Virtual Machines on a GSX Server for Windows Host
Every time you connect to a GSX Server for Windows host with the VMware Virtual Machine Console or VMware Management Interface, the VMware Authorization Service requests a username and password, then authenticates only valid users.
Once you are authenticated, the console starts or the management interface's Status Monitor page appears. What you can now do with a virtual machine is based on your permissions. See Understanding Permissions and Virtual Machines.
Each virtual machine runs as one of the following three user accounts:
  • The user who powers on the virtual machine — the virtual machine runs as the account of the user who powered on the virtual machine until the virtual machine is powered off. Other users can connect to the virtual machine but it still runs as the user who powered on the virtual machine.
  • The local system account — the virtual machine runs as the local system account. You can enable this option only if you are logged in to the host operating system as an Administrator.
  • A specific user account — the virtual machine runs as the user account specified in the New Virtual Machine Wizard or the virtual machine settings editor. This account must be able to access the GSX Server host.
The user account is specified when you create the virtual machine and you can change it in the virtual machine settings editor.
    Understanding Permissions and User Accounts
    If the virtual machine is configured to run as the user who powers it on, the user must have Read and Write permissions to the virtual machine files, such as the configuration file, virtual disk files and snapshot files. The user account must be an administrator account if the virtual machine needs to access devices like physical disks, USB controllers and generic SCSI devices.
    An easy way to allow this user to access a virtual machine is to set the permissions for the directory containing the virtual machine files and let the user inherit the rights for that directory.
    If another user connects to this virtual machine while it is running, that user only needs permissions for the configuration file.
    For virtual machines configured to run as a specific user account or run as the local system user, any user connecting to the virtual machine needs permissions for the configuration file only.
    An easy way to allow these users to access the virtual machine is to grant Read and Write permissions to all the files in the virtual machine's directory except for the configuration file. Grant Read & Execute permission to the configuration file and disallow the inheritance of permissions on the file.
    Changing the User Account
    You can change the user account for a virtual machine by choosing VM > Settings > Options > Startup/Shutdown and changing the user account information there.
    If the virtual machine is configured to run as the user who powers it on, you need to make sure the virtual machine is in a location that is accessible to that user. If you need to locate the virtual machines in a different area, or on another system on the network, make sure the user has access to the virtual machine resources (such as virtual disks, physical disks, devices and snapshot files).
    To change the location where virtual machines are created, see Specifying Where Virtual Machines Are Created.
    Permissions and Virtual Machine Devices
    If you intend to configure a virtual machine to use a physical disk or generic SCSI device, the user account that the virtual machine runs as must be a member of the Administrators group.
    Configuring Permissions to Access a Virtual Machine
    The system administrator (that is, the administrator responsible for setting up the host running GSX Server, not necessarily the Windows Administrator login) can set the access permissions on the configuration file using the following procedure. In general, you would want your GSX Server users to have Read permission to virtual machine configuration files; you can add any specific users that should have Read & Execute and Write permissions.
    1. Locate the configuration file on the host system. Right-click the configuration file and select Properties. The Properties dialog box appears.
    2. Click the Security tab.
    Note: If the virtual machine is stored on a Windows XP client system, and is configured to use Workgroup mode, the Security tab is hidden by default. To show the tab, on the Windows XP system, choose Start > Control Panel > Folder Options, click Advanced and clear the Simple File Sharing check box.
    3. In the Properties dialog box, select each user or group and select the appropriate permission, typically Read.
    If you want to limit access to the virtual machine, clear the Allow inheritable permissions from parent to propagate to this object check box.
    4. To specify that a user or group should not have access to the configuration file, either click Remove or check all permissions in the Deny column to deny all permissions to that user or group.
    5. To add more users or groups, click Add. The Select Users, Computers and Groups dialog box appears. In the dialog box, select the groups or users that you want to access the virtual machine, then click Add. After you finish adding the users or groups, click OK. The users and groups are added with default Read and Write permissions. In the Properties dialog box, change the type of access for the user or group to the configuration file; choose either Read or Read & Execute and Write. Click OK to set the permissions to the configuration file.
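
The permission scheme described above for virtual machines that run as a specific user account or as the local system account (Read and Write on every file except the configuration file, Read & Execute on the configuration file with inheritance disabled), scripted in PowerShell as an added example that is not part of the original VMware documentation. The directory, the .vmx file name, the account and the function names are placeholders, and the script assumes a host with PowerShell 3.0 or later.

```powershell
# Added example, not VMware code. Run from an elevated session on the host.
$VmDir      = 'D:\VMs\ExampleVM'                # placeholder VM directory
$ConfigFile = Join-Path $VmDir 'ExampleVM.vmx'  # placeholder configuration file
$Account    = 'EXAMPLEHOST\vmuser'              # placeholder connecting user

function Set-ExplicitRight {
    param([string]$Path, [string]$Identity, [string]$Rights, [switch]$BlockInheritance)
    if ($BlockInheritance) {
        # Stop inheriting; ($true, $true) keeps inherited entries as explicit copies (assumed choice).
        $acl = Get-Acl -LiteralPath $Path
        $acl.SetAccessRuleProtection($true, $true)
        Set-Acl -LiteralPath $Path -AclObject $acl
    }
    $acl  = Get-Acl -LiteralPath $Path
    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule($Identity, $Rights, 'Allow')
    $acl.SetAccessRule($rule)   # replaces this identity's existing Allow entries
    Set-Acl -LiteralPath $Path -AclObject $acl
}

function Set-VmPermissions {
    param([string]$Dir, [string]$Config, [string]$Identity)
    # Read and Write on every file in the directory except the configuration file.
    Get-ChildItem -LiteralPath $Dir -File |
        Where-Object { $_.FullName -ne $Config } |
        ForEach-Object { Set-ExplicitRight $_.FullName $Identity 'Read, Write' }
    # Read & Execute on the configuration file, with inheritance disabled.
    Set-ExplicitRight $Config $Identity 'ReadAndExecute' -BlockInheritance
}

function Test-VmConfigAcl {
    # Reports entries naming $Identity directly; group membership is not resolved.
    param([string]$Config, [string]$Identity)
    $acl       = Get-Acl -LiteralPath $Config
    $writeData = [int][System.Security.AccessControl.FileSystemRights]::WriteData
    $writable  = $acl.Access | Where-Object {
        $_.IdentityReference.Value -eq $Identity -and
        $_.AccessControlType -eq 'Allow' -and
        ([int]$_.FileSystemRights -band $writeData) -ne 0
    }
    [pscustomobject]@{
        InheritanceBlocked = $acl.AreAccessRulesProtected
        IdentityCanWrite   = [bool]$writable
    }
}

if (Test-Path -LiteralPath $ConfigFile) {
    Set-VmPermissions $VmDir $ConfigFile $Account
    Test-VmConfigAcl $ConfigFile $Account
}
```

After a successful run the report should show InheritanceBlocked as True and IdentityCanWrite as False; because inherited entries are kept as explicit copies, review the remaining entries on the configuration file for groups that still carry Write access.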

