Basic VM Hardening via PowerCLI

Version 3

    The hardening options used here are not an official best practice, but for me this selection is a good balance: it protects the underlying environment without losing functionality.

     

    More options:

    VMware Security Hardening Guides | United States

     

    # Advanced settings (extraConfig key/value pairs) to set on every VM in scope.
    # Keys and values are both plain strings.
    $ExtraOptions = @{
        # Disk shrink / wipe operations
        "isolation.tools.diskShrink.disable"   = "true"
        "isolation.tools.diskWiper.disable"    = "true"
        # Copy, paste, drag-and-drop and GUI options
        "isolation.tools.copy.disable"         = "true"
        "isolation.tools.paste.disable"        = "true"
        "isolation.tools.dnd.disable"          = "true"
        "isolation.tools.setGUIOptions.enable" = "false"
        # VM log retention: number of old logs kept and rotation size
        "log.keepOld"                          = "10"
        "log.rotateSize"                       = "100000"
        # Remote console: connection limit and VNC access
        "RemoteDisplay.maxConnections"         = "2"
        "RemoteDisplay.vnc.enabled"            = "false"
    }

    # Wrap each pair in an OptionValue and collect them in a single config spec
    # that is reused for every VM further down.
    $vmConfigSpec = New-Object -TypeName VMware.Vim.VirtualMachineConfigSpec
    $vmConfigSpec.ExtraConfig = @(
        $ExtraOptions.GetEnumerator() | ForEach-Object {
            New-Object -TypeName VMware.Vim.OptionValue -Property @{
                Key   = $_.Key
                Value = $_.Value
            }
        }
    )
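    ## Apply (Modify Filter)
    # Scope: every VM in the folder named "TEST" -- change the filter to match
    # your environment and try the settings on a small scope first.
    ForEach ($vm in (Get-Folder -Name "TEST" | Get-VM)) {
        $vmv = $vm | Get-View
        $state = $vmv.Summary.Runtime.PowerState

        # Use the synchronous ReconfigVM call: the loop only continues once the
        # settings are written, and a rejected reconfiguration is reported
        # instead of disappearing into an unchecked background task.
        try {
            $vmv.ReconfigVM($vmConfigSpec)
        }
        catch {
            Write-Warning "Hardening options NOT applied to '$($vm.Name)': $($_.Exception.Message)"
            continue
        }

        if ($state -eq "poweredOn") {
            # Migrate the running VM onto its current host; presumably this is
            # meant to make it pick up the new settings without a power cycle
            # (verify on a test VM). '$_' is not set inside a ForEach statement,
            # so the host has to be read from the view object, $vmv.
            # The migration is started as a task and not awaited here.
            $vmv.MigrateVM_Task($null, $vmv.Runtime.Host, 'highPriority', $null)
        }
    }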