Virtual Hard Disk (.vhd file) contents may be accessed by all users after you mount the file as a loopback device in Windows Server 2008

Virtual Hard Disk (.vhd file) contents may be accessed by all users after you mount the file as a loopback device in Windows Server 2008

Article ID : 954358
Last Review : June 23, 2008
Revision : 2.0

SYMPTOMS

Consider the following scenario. You mount a Virtual Machine hard disk file (.vhd file) as a loopback device in Windows Server 2008. The .vhd file is now available as a virtual hard disk. In this scenario, users may access the virtual machine, and they can read from or write to the virtual hard disk.

Back to the top

CAUSE

This issue occurs if you mount a .vhd file as loopback device by using the Hyper-V Windows Management Instrumentation (WMI) APIs.

Back to the top

WORKAROUND

To enforce the security of the contents of a .vhd file that is mounted as a loopback device, use one of the following methods:

• Configure NTFS file system permissions on files and folders in the mounted .vhd file.
• Use a separate server to which virtual machine users do not have access.

Back to the top

REFERENCES

For more information about Hyper-V, visit the following Microsoft Web site:

http://technet2.microsoft.com/windowsserver2008/en/servermanager/virtualization.mspx (http://technet2.microsoft.com/windowsserver2008/en/servermanager/virtualization.mspx)

Back to the top


APPLIES TO
• Windows Server 2008 for Itanium-Based Systems
• Windows Server 2008 Datacenter
• Windows Server 2008 Enterprise
• Windows Server 2008 Standard

Back to the top

Keywords: 
kbpermissions kbfile kbwmi kbexpertiseadvanced kbbug kbtshoot KB954358

Back to the top

 

Microsoft Knowledge Base Article

This article contents is Microsoft Copyrighted material.
Microsoft Corporation. All rights reserved. Terms of Use | Trademarks


You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

AddThis Social Bookmark Button

Leave a Reply

*
To prove that you're not a bot, enter this code
Anti-Spam Image