How to specify user permissions for managing a Hyper-V machine on a LOCAL host?

this seems to be possible. https://blogs.msdn.microsoft.com/virtual_pc_guy/2008/01/17/allowing-non-administrators-to-control-hyper-v/ here is more information about it.

I have poked around a bit with it to see how it works. it seems to go like this.

1. Open MMC
2. Add Snapin Authorization manager
3. Right click Authorization manager and select Open Authorization Store
4. Browse to %programdata%\Microsoft\Windows\Hyper-V\InitialStore.xml
5. Expand the items and go to Role Definitions
6. Here is only a role for Administrators listed, Right click and make a new role.
7. Click on Add to add a Permission Defition, and go to the Tab Operations
8. Select all the permissions the user should get, and then save the new Role definition
9. Go to Role Assignment and Add the role you just created.
10. In the tree view select your role under Role Assignments
11. Right click and choose Assign users and groups and then pick From Windows and Active directory

Role Based Access Control is the way to go.

In the days of Windows 2008, it was supported using the Authorization Manager tool. Sad to say that Authorization Manager is no longer supported in Windows 2012 R2.

The only way for you to control RBAC now with Windows 2012 R2 is to use SCVMM: https://technet.microsoft.com/en-us/library/gg696971(v=sc.12).aspx

In the end I was not able to find an effective way to restrict access exactly the way I wanted (boo Microsoft for removing granular options).

The workaround I'm using right now is to simply grant access to control the VM. I then provide two Powershell scripts files to my users which allow them to Start the VM and another to Connect to the VM.

At the same time, I have a GPO policy which disables access to the HyperV control panel to those specific users that have HyperV installed locally.