I'm hardening some VMs, and I have a script that I found online (can't remember who it was from, but probably LucD). The script is not the issue, but the csv file that the script references has some of these lines:
floppy0.present,FALSE
ide0:0.present,FALSE
logging,TRUE
Well, the script seems to work fine, but then when I check the .vmx file with (Get-VM "Name").extensiondata.config.extraconfig, the $_.key for any line that has to do with virtual hardware does not appear. I don't think this is really a scripting issue, but this section is so active, that maybe someone can lead me in the right direction, and I'm using PowerCLI to edit the settings, so I guess it's relevant. There are multiple lines, and everything appears fine except for hardware related lines:
floppy0.present,FALSE
floppy1.present,FALSE
ide0:0.present,FALSE
ide0:1.present,FALSE
ide1:0.present,FALSE
ide1:1.present,FALSE
parallel0.present,FALSE
serial0.present,FALSE
Other lines appear when I retrieve them:
isolation.monitor.control.disable,TRUE
isolation.tools.ghi.autologon.disable,TRUE
isolation.bios.bbs.disable,TRUE
isolation.tools.getCreds.disable,TRUE
Even if I "edit settings" > Options > Advanced | General > Configuration Parameters, and add a line there, I can't retrieve it with powershell (only hardware lines) if I directly edit the .vmx file and copy it back, those lines don't show up with powershell, but they will show up if I look at the .vmx file on Windows with Write, or some other text editor.
Has anyone experienced this? More importantly, does anyone know what I'm doing wrong?
The script is here, and there is a CSV file that I use, with the examples that I listed, it has the Key,Value columns correctly
#This line imports the key and value pair for the .vmx setting
$import = Import-Csv "C:\STIGapply\STIG_current.csv"
$VMs = Get-folder STIG | Get-VM "*clone"
$vmConfigSpec = New-Object VMware.Vim.VirtualMachineConfigSpec
Foreach ($item in $import) {
$extra = New-Object VMware.Vim.OptionValue
$extra.Key = $item.Key
$extra.Value = $item.Value
$vmConfigSpec.extraconfig += $extra
}
Foreach ($vm in $vms) {
$vm.ExtensionData.ReconfigVM($vmConfigSpec)
}
In ExtraConfig you will only see the VMX lines that do not have an actual entry in the VirtualMachine object.
In the case of the devices, these can be found in $vm.ExtensionData.Config.Hardware.Device.
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
I am not sure what you try to achieve with the hardware lines. Are you trying to remove hardware from the virtual machines? Should you not use cmdlets like Remove-FloppyDrive to remove the hardware? I don't think that just editing the vmx is file is sufficient.
From the wording, it seems like it should be an option to prevent the devices from being added, or if they are added, preventing them from actually being enabled. One of the options can be found here http://www.stigviewer.com/check/ESXI5-VM-000034
I'm familiar with the cmdlets for removing hardware after it is added, but this is proactive measure. Thanks for the response. My main issue is why the options don't show up when I type
(Get-VM "Name").extensiondata.config.extraconfig. It just seems odd, but again, I may just be doing something wrong.
In ExtraConfig you will only see the VMX lines that do not have an actual entry in the VirtualMachine object.
In the case of the devices, these can be found in $vm.ExtensionData.Config.Hardware.Device.
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
Ahhhhh...thank you. I actually saw a post that Alan Renouf had Working with VM Devices in PowerCLI | VMware PowerCLI Blog - VMware Blogs and he had some functions for removing devices like serial and parallel ports, but I didn't know why they would not show up if I added the line to the .vmx file. Do you know if there is a way to prevent the adding of those devices beforehand?
Regardless, that is useful information, and I appreciate it.
Unless you create your new VMs from templates, you will get a 'default' HW configuration for the VM.
What HW you get depends on the OS you have specified for the VM, the HW present on the ESXi host, the type of license you have on the ESXi host and a couple of other factors.
Afaik, this is not user configurable.
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference