Issue:
Resolution:
- Click >
- Double-click the Hyper-V Administrators group > Click Add > In the Enter the object names to select field, enter the user account name to whom you want to assign permissions > OK > Apply > OK
- Double-click the Administrators group > Click Add > In the Enter the object names to select field, enter the user account name to whom you want to assign permissions > OK > Apply > OK
Alternatively, one can run a script such as:
$remoteComputers='HyperVServer1','HyperVServer2'
$newMembers='intranet\HyperV Admins'
$localGroup='Hyper-V Administrators','Administrators'
$domainAdminCred=$null
function addUserToLocalGroup{
param(
$computername=$env:computername,
$accountToAdd,
$accountPassword=$null,
$localGroup='Administrators',
$domainAdminCred=$null
)
try{
$session=if($domainAdminCred){
new-pssession $computername -Credential $domainAdminCred -ea Stop
}else{
new-pssession $computername -ea Stop
}
}
catch{
write-warning $_
return $false
}
invoke-command -session $session -scriptblock{
param($principleName,$password,$groupName)
$osVersion=[System.Environment]::OSVersion.Version
$psVersion=$PSVersionTable.PSVersion
$computerRole=switch ((Get-WmiObject Win32_OperatingSystem -EA Silentlycontinue).ProductType){
1 {'client'} # ClientOs
2 {'domaincontroller'} #ServerOs with DC role
3 {'memberserver'} #ServerOs machines
}
if($computerRole -eq 'domaincontroller'){
write-warning "$env:computername is a Domain Controller. Local Users and Groups are not applicable."
return $false
}
$members=if($osVersion -gt [version]'6.3.9600.0' -or $psVersion -ge [version]'5.1'){
(get-localgroupmember $groupName).Name
}else{
$x=net localgroup $groupName
$x[6..$($x.length-3)]
}
$localUsers=if($osVersion -gt [version]'6.3.9600.0' -or $psVersion -ge [version]'5.1'){
(get-localuser).Name
}else{
$x=net user
$x[4..$($x.length-3)] -split ' '|?{$_.trim()}
}
if(!($members|?{$_ -eq $principleName -or $_ -eq "$env:computername\$principleName"})){ # backward compatible with legacy PowerShell
try{
if(!($localUsers|?{$_ -eq $principleName}) -and $principleName -notmatch '\\'){
if($osVersion -gt [version]'6.3.9600.0' -or $psVersion -ge [version]'5.1'){
$encryptedPass = ConvertTo-SecureString $password -AsPlainText -Force
New-LocalUser -name $principleName -Password $encryptedPass -FullName "$principleName"
}else{
$null=net user $principleName "$password" /add /passwordreq:yes /fullname:"$principleName"
}
}
write-host "Adding $principleName into $groupName on $env:computername"
if($osVersion -gt [version]'6.3.9600.0' -or $psVersion -ge [version]'5.1'){
Add-LocalGroupMember -Group $groupName -Member $principleName -ea Stop
}else{
$null=net localgroup $groupName /add $principleName
}
$currentMembers=if($osVersion -gt [version]'6.3.9600.0' -or $psVersion -ge [version]'5.1'){
(get-localgroupmember $groupName).Name
}else{
$x=net localgroup $groupName
$x[6..$($x.length-3)]
}
if($currentMembers|?{$principleName -eq $_}){
write-host "$principleName has been added to $groupName successfully`r`n$($currentMembers|out-string)"
return $true
}else{
write-host "$principleName has NOT been added into group $groupName`r`n$($currentMembers|out-string)"
return $false
}
}catch{
write-warning "$error"
return $false
}
}else{
write-host "$principleName is already a member of $groupName."
return $true}
} -args $accountToAdd,$accountPassword,$localGroup
remove-pssession $session
}
$remoteComputers|%{
$computer=$_;
write-host "Checking $computer..."
$newMembers|%{addUserToLocalGroup $computer $_ $newPassword $localGroup $domainAdminCred}
}
Categories: