Recently I installed the first server with Windows Server 2012 and Hyper-V.
After creating the first virtual machine and a little testing, I continued with the setup. Domain join, Antivirus, the usual…
Later on I created another VM and…:
Hyper-V Virtual Machine Management service Account does not have permissions to open attachment. New Virtual Machine “ABC”: failed to add device ‘Virtual Hard Disk (Virtual Machine ID xyz)’
General access denied error (0x800700005).
I searched for this in the internet, but found nothing. What could have caused a permission change on the service account?
Yes, Group Policies. Our standard group policies are overwriting the following settings used by Hyper-V:
Computer Configuration => Policies => Windows Settings => Security Settings => Local Policies => User Rights Assignment:
- Act as a part of the operating system
- Log on as a service
- Perform volume maintenance tasks
The solution for the problem:
Add NT AUTHORITY\SYSTEM, NT AUTHORITY\SERVICE and NT AUTHORITY\NETWORK to each of the Policies 😉
By the way: This is applicable to Windows 8 as well.