Basic VM Hardening via PowerCLI

Version 3

    The used Hardening options are not an offical best practice but for me these selection is a good balance to protect the underlaying environment without loosing functionality.


    More options:

    VMware Security Hardening Guides | United States


    # Create Options
    $ExtraOptions = @{
    $vmConfigSpec = New-Object VMware.Vim.VirtualMachineConfigSpec
    Foreach ($Option in $ExtraOptions.GetEnumerator()) {
        $OptionValue = New-Object VMware.Vim.optionvalue
        $OptionValue.Key = $Option.Key
        $OptionValue.Value = $Option.Value
        $vmConfigSpec.extraconfig += $OptionValue
    ## Apply (Modify Filter)
    ForEach ($vm in (get-folder -Name "TEST" | Get-VM )){
        $vmv = Get-VM $vm | Get-View
        $state = $vmv.Summary.Runtime.PowerState
    if ($state -eq "poweredOn") {
    $vmv.MigrateVM_Task($null, $_.Runtime.Host, 'highPriority', $null)