Jul 16 2019 11:49 PM - edited Dec 06 2022 05:00 PM
Continued from old TechNet blog discussion...
Thanks @Aaron Margosis. I've figured out what is preventing clipboard file copying. It is the GPO setting "Do not allow drive redirection" (Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Device and Resource Redirection).
Haven't figured out why applying the security baseline disables guest VM network connectivity through the "Default Switch" (automatically created on Client Hyper-V), but a solution is to connect guest VMs directly to the external network adapter using the "External Switch".
UPDATE: Network connectivity issues caused by GPO blocking local firewall rules (inbound allow rules are needed for Default Switch to work, see below discussion).
Aug 06 2021 09:10 PM
@Deleted did you ever figure out what in the Security Baseline was blocking the "Default Switch" in Windows 10 Hyper-V to allow the virtual machines to have internet access? I am really wanting to have an environment where the Security Baseline is applied, but need the same capability you have mentioned. I don't want to do the workaround of creating another external Virtual Switch, as I've actually found that has impacted internet connectivity bandwidth on the host device.
Aug 06 2021 09:51 PM - edited Dec 06 2022 05:02 PM
@mattgailer I believe it was an inbound firewall issue.
The Security Baseline disables local firewall rules for Public networks, so the auto-generated Hyper-V Container Networking allow rules (inbound) aren't applied - you'll have to manually allow UDP inbound on local ports 53, 67, 68 via GPO or allow local firewall rules.
From memory that was the only issue, and things like "Prohibit use of Internet Connection Sharing on your DNS domain network" are fine to leave as Enabled.
Hope that helps!
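One way to check for the condition described in the post above and to add the inbound UDP 53/67/68 allow rule as policy, as an added example that is not part of the original thread. The rule name and the `localhost` (local Group Policy) store are assumptions; a domain GPO store takes the form `<domain>\<GPO name>`.

```powershell
#Requires -RunAsAdministrator
# Added example, not from the thread. Run on the Hyper-V host in an elevated session.

# Assumptions (hypothetical values, adjust to your environment):
$policyStore = 'localhost'                            # local Group Policy store
$ruleName    = 'Hyper-V Default Switch DNS/DHCP (UDP In)'  # constructed display name
$udpPorts    = '53', '67', '68'                       # ports named in the post above

# 1. Read the effective (post-policy) merge setting for the Public profile.
#    False means rules created locally, including auto-generated ones, are ignored.
$public = Get-NetFirewallProfile -Name Public -PolicyStore ActiveStore
Write-Output "Public profile AllowLocalFirewallRules: $($public.AllowLocalFirewallRules)"

if ("$($public.AllowLocalFirewallRules)" -ne 'False') {
    Write-Output 'Local firewall rules are merged on Public; no policy rule is needed.'
    return
}

# 2. Create the allow rule in the policy store, once. Rules in a GPO store
#    still apply when local rule merging is turned off.
$existing = Get-NetFirewallRule -PolicyStore $policyStore -DisplayName $ruleName `
    -ErrorAction SilentlyContinue
if (-not $existing) {
    New-NetFirewallRule -PolicyStore $policyStore `
        -DisplayName $ruleName `
        -Direction Inbound `
        -Action Allow `
        -Protocol UDP `
        -LocalPort $udpPorts `
        -Profile Public | Out-Null
    Write-Output "Created '$ruleName' in policy store '$policyStore'."
}

# 3. Confirm what the policy store now holds for this rule.
Get-NetFirewallRule -PolicyStore $policyStore -DisplayName $ruleName |
    Get-NetFirewallPortFilter |
    Select-Object Protocol, LocalPort
```

Run `gpupdate /force` afterwards so the policy rule is picked up, then restart the VM so it requests a DHCP lease again.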
Aug 17 2021 08:18 AM
I think I'm facing similar issues here; Intune enrolled PC with Security Baseline applied, Default Switch won't work. VM does not seem to get an IP address.
Can anyone be more specific on the firewall rule that has to be made?
Aug 17 2021 03:53 PM
Aug 18 2021 06:00 AM - edited Aug 18 2021 06:38 AM
Thank you sir. Will test this and come back with results. :)
Edit: It worked right away! Had a VM open, unassigned me from Security Baseline, synced with Company Portal, and suddenly the VM got an IP and all is good.