Hypervisor Finder

How to determine a VM's host hypervisor.

Q: What's the best way to tell what hypervisor type a VM is running?

A: The easiest way to figure out the underlying hypervisor of a VM is by querying its virtual MAC address. You can do this by running ipconfig /all when connected to any Windows VM.

Note: A mac address can be manually set by administrators in which case this solution would not work.

Here are the OUIs of the major virtualization platforms:

• Microsoft: 00-03-FF
• SWsoft: 00-18-51
• Virtual Iron: 00-0F-4B
• VMware: 00-0C-29 and 00-50-56
• XenSource: 00-16-3E

VMWare Power Shell

vm infrastructure toolkit for windows

provides a core set of powershell cmdlets

for managing vi.
- Focuses on virtual machine lifecycle
eg: get-vm; new-vm; remove-vm; set-vm;

start-vm; stop-vm etc

- Core infrastructure management
eg: get-log; get-task etc

USAGE
First thing to do after launching powershell

with vm toolkit is to get connection to a

virtualcenter or esx server

Use get-viserver or get-vc/get-esx with the

address of virtuacenter or esx server

eg: get-viserver 1.2.3.4 you are then

prompted for username & password

Use without parameters and powershell will

prompt you for everything

After establishing session you are able to

use rest of the provided cmdlets.
Session information is stored in a

powershell variable $defaultviserver

Further cmdlet invocations will get their

server information from that variable unless

explicitly specified to use another server

BROWSE ENVIRONMENT
get-vm - To get all virtual machines on the

connected server

get-vmw web* or get-vm | where ($_.name -

like "web*") - To get all virtual machines

starting with the name "web"

get-folder webTier | get-vm - To get all

virtual machines under webTier folder

get-folder webtier | get-vm | where

(&_.pwerstate -ne "poweredon") | start-vm -

T start all virtual machines under webtier

flder that are nt currently powered on

WINDOWS 2008 GROUP POLICY TECHNIQUES

With the advent of windows server 2008 comes a wealth of new and improved group policy settings. (Approx 700). Some settings are in new categories and others are additional, corrected or more convenient settings in existing categories.

New Categories:
network access protection
device installation control
removable storage restrictions
power management
printer driver installation delegation
hybring hard disk
troubleshooting and diagnostics
user account control

Changes to existing categories
ipsec and firewall
ad-based printer deployment
taskbar and start menu
shell visualization
synchronization scheduling
customized help resources

Microsoft Spreadsheet listing all new and changed policy settings for windows 2008 can be found by searching vistagpsettings.xls @ microsoft.com

HOW 2008 Stores group settings
.adm file format is replaced with .admx format
admx offers benefits such as central-store management on domain controllers, multi-language support, and dynamic loading.

Vista and 2008 are required to read admx files.

You can obtain adm-to-admx migration tool from microsoft called ADMX Migrator

NETWORK ACCESS PROTECTION (NAP)
Lets administrators set conditions under which workstations are allowed to connect to the main network.

eg: laptop user turns off firewall over the weekend will not be granted access monday morning until the firewall is turned back on. Or NAP client will automatically turn the firewall back on without user intervention - called AUTO-REMEDIATION

NAP also provides for automatic redirection of 'unhealthy' clients to a separate subnet or subdomain where they could download security patches to bring themselves back into compliance.

system health policies can be enforced by dhcp running on windows 2008 for clients accessing the network locally and rras service for clients accessing network remotely.

3rd party antivirus software vendors are expected to create agents that can extend NAP to include rules for updated virus signatures

DEVICE INSTALLATION CONTROL
Allows admins to setup a driver store of known good/safe drivers any user is permitted to use and install.

REMOVABLE STORAGE RESTRICTIONS
To dny read access/write access or both to following device types:
cd/dvd; floppy; removable disks; tape drives; wpd devices; custom class (defined by device guid)

POWER MANAGEMENT
Allows control of power-management features of laptops

PRINTER DRIVER INSTALLATION DELEGATION
Frequently administrators need to keep users with administrative rights is due to printer driver instalaltion. Limited or standard users can not install printer drivers.

Windows 2008 you can delegate the ability for members of the Users group to install devices or particular setup class. (determined through guid)

Policy only works for signed device drivers. Unsigned drivers will still need to be insatlled by administrators