Fun Times with Administrative Shares

So, I have my nice, shiny, clean install of Hyper-V Server 2016. Thanks to some wisdom by one of my ML friends, Timothy Gruber, I have everything configured to manage my new server from my Windows 10 desktop — alas, I don’t know of any Hyper-V management tools for Linux.

Using a remote PowerShell connection, I configured my D:\ drive on the Hyper-V host, to be ready to store ISOs and VHDXs. So the next logical step would be, get some ISOs on this thing and start making some VMs! Administrative shares could be just the tool for the job. After all, I should be able to do something like this New-PSDrive -Name X -Root "\\MYHOST\C$" -Credential (Get-Credential) -PSProvider FileSystem, feed it the administrator credentials for my Hyper-V host, then go to town copying some ISOs over — especially since Get-SMBShare shows they’re available. But alas! The remote location cannot be found.

Prior to this I edited my hosts file (still sucks that I have to go to C:\Windows\System32\Drivers\Etc to get something that should just live in /etc), so hostname resolution shouldn’t be a problem. I also set the network profile on the Hyper-V host to be private. However, attempting to access that share while running Wireshark yielded TCP re-transmissions for traffic destined to port 445 on my Hyper-V host. Also, Test-NetConnection with -Port 445 failed.

This thing just isn’t accepting my traffic. Thinking a bit + Googling, has yielded me a few possible solution to this. First, I could install the File Services role on my Hyper-V host. I’d like not to do this, since I really don’t want this box being more than a hypervisor. Since this is supposed to just be the Hyper-V hypervisor, that role might not even be available. Second, I could try to open port 445 specifically within the Windows firewall. Third, I could try to open a group of items within the Windows Firewall — found that on some article via Google. Fourth, sneakernet.

Since this is just for a lab, I ought to use sneakernet and be done; however, I’m thinking about what if I didn’t have physical access to this machine. What would make sense to be able to transfer files to it. I would imagine the answer would be along the lines of create an SMB share — which, really isn’t necessary since the administrative shares are there, and clearly the host is dropping SMB traffic.

As I’ve rambled on, I think I know my answer. Open port 445, transfer what I need to transfer, then close it. Well, it’s time to put that to the test :D. Since I have my Linux lab in colo, I’m currently creating a VM for Hyper-V server and another for Windows 10, to test these scenarios and see what least amount of change and exposure can be done to get some ISOs onto my new Hyper-V host.