Q: Does Microsoft provide a mechanism to restrict which administrators can manage a particular Hyper-V virtual machine (VM)? I want to make sure that VM administrators can only manage their VMs and can't touch the parent partition.

A: You can use the Authorization Manager (AzMan) to define specific roles for VM administrators on a Hyper-V server, and to ensure that they have permissions only for their respective VMs.

Microsoft introduced AzMan in Windows Server 2003 to let developers and administrators easily add role-based access control (RBAC) rules to their applications. Unfortunately, few Windows administrators have used AzMan and know how to configure it. For an excellent description of how to set up AzMan for delegating permissions on a Hyper-V server, see this blog.

In this context, it's worth mentioning System Center Virtual Machine Manager (VMM), Microsoft’s enterprise management solution for virtualization servers and VMs. VMM reduces the complexity of configuring and managing AzMan authorization rules. More information about VMM is available on Microsoft's site.