Performing Out-Of-Band File Copies to Hyper-V Virtual Machines

There are a number of features in Hyper-V that are not immediately obvious because they are not visible in the GUI. One of these features is the Guest Services integration service.

When this feature is enabled you can perform non-network, out-of-band file copies via the Hyper-V VMBus into a running virtual machine. A lot of Hyper-V administrators will be happy as it makes several operational tasks a lot easier. Here is an outline of how you can use Copy-VMFile to do this kind of file copy.

The Need for Out-of-Band File Copies

Multi-tenancy, the need to run lots of isolated networks on an infrastructure, is no longer something restricted to the hosting business. That’s where I first worked in a multi-tenant environment. Using vSphere, and then Hyper-V, I managed farms where many customers used virtual machines that resided on firewall isolated VLANs. Every now and then we had to do maintenance work. Sometimes this was proactive maintenance and sometimes a customer asked us to help out with something. The latter usually required more effort.

If a customer wanted to install a service pack on SQL Server then I had two choices in older versions of Hyper-V. Those two options would be:

Sponsored Content

Passwords Haven’t Disappeared Yet

123456. Qwerty. Iloveyou. No, these are not exercises for people who are brand new to typing. Shockingly, they are among the most common passwords that end users choose in 2021. Research has found that the average business user must manually type out, or copy/paste, the credentials to 154 websites per month. We repeatedly got one question that surprised us: “Why would I ever trust a third party with control of my network?

  1. First, I could log into that virtual machine, open the browser, and download the service pack. This is where security-focused engineers go crazy. No one should ever browse the Internet from a production virtual machine.
  2. Alternatively I could download the zip file from Microsoft to a central library. After that, I’d reach a point where problems began.

If the service pack came as an ISO file I could put it in the System Center Virtual Machine Manager (SCVMM) library and edit the virtual machine settings to mount the ISO. This uses host networking to connect to the SCVMM library so the virtual machine’s isolation was a non-factor.

Unfortunately, SQL service packs, like lots of other software, did not come as ISO files. This meant I had to use a tool to create ISOs. That made more work for me. There’s also the issue of ISOs being accidentally copied to the virtual machine’s storage location (the unfortunate default action) instead of being mounted across the network.

A simple file copy would be easier, if only it was possible.


Microsoft added a new Hyper-V integration service called Guest Services which allows Hyper-V administrators to copy a file into a virtual machine via the VMBus. The virtual machine’s network connection is not used or even required. This out-of-band copy would have solved my issue with making installer files available inside of network-isolated virtual machines.

Copying a file into a virtual machine is fairly simple. There are two steps, with an optional third clean-up step:

  1. Enable the Guest Services integration service
  2. Copy the file into the virtual machine using the Copy-VMFile PowerShell cmdlet
  3. Optionally disable the Guest Services integration service

Guest Services is disabled by default. This was a “play it safe” decision by Microsoft. Not every organization is comfortable with the idea of administrators being able to copy files into guest operating systems, especially in a public cloud.

There are two ways to enable Guest Services. The first is to edit the properties of the virtual machine in Hyper-V Manager and check the box for Guest Services in Integration Services.

Enabling out-of-band file copies to a Hyper-V virtual machine
Enable the Hyper-V Guest Services integration service

The alternative option is to run the following PowerShell cmdlet:

​ Enable-VMIntegrationService “VM01” -Name "Guest Service Interface"

Note that this step should also enable a service in the guest OS of the Windows virtual machine called Hyper-V Guest Service Interface.

You can then copy a file into a virtual machine using Copy-VMFile. The following will copy a file called test.txt from C: on the host to C: in the guest OS of a virtual machine called VM01. There is no GUI alternative for this step.

​ Copy-VMFile VM01 -SourcePath C:test.txt -DestinationPath C: -FileSource Host

Optionally, you can then disable Guest Services in Hyper-V Manager or by using PowerShell. This will disable the guest OS service called Hyper-V Guest Service Interface:

​ Disable-VMIntegrationService “VM01” -Name "Guest Service Interface"

I can imagine a scenario where you need to copy a file into lots of virtual machines. If so, you could script this action using the following code as a starting point:

​ # Populate $VM in some way, for example an array or from a text file
​ $VM = “VM01”
​ Enable-VMIntegrationService $VM -Name "Guest Service Interface"
​ Copy-VMFile $VM -SourcePath C:test.txt -DestinationPath C: -FileSource Host
​ Disable-VMIntegrationService $VM -Name "Guest Service Interface"


Some action can now be scripted, automated, or scheduled in the guest OS.

Related Topics:


Don't have a login but want to join the conversation? Sign up for a Petri Account

Comments (0)

Leave a Reply

Aidan Finn, Microsoft Most Valuable Professional (MVP), has been working in IT since 1996. He has worked as a consultant and administrator for the likes of Innofactor Norway, Amdahl DMR, Fujitsu, Barclays and Hypo Real Estate Bank International where he dealt with large and complex IT infrastructures and MicroWarehouse Ltd. where he worked with Microsoft partners in the small/medium business space.
Don't leave your business open to attack! Come learn how to protect your AD in this FREE masterclass!REGISTER NOW - Thursday, December 2, 2021 @ 1 pm ET

Active Directory (AD) is leveraged by over 90% of enterprises worldwide as the authentication and authorization hub of their IT infrastructure—but its inherent complexity leaves it prone to misconfigurations that can allow attackers to slip into your network and wreak havoc. 

Join this session with Microsoft MVP and MCT Sander Berkouwer, who will explore:

  • Whether you should upgrade your domain controllers to Windows Server
    2019 and beyond
  • Achieving mission impossible: updating DCs within 48 hours
  • How to disable legacy protocols and outdated compatibility options in
    Active Directory

Sponsored by: