VMware Cloud Community
RobertFIC
Contributor
Contributor
Jump to solution

Startup/Shutdown and Permissions

quick background --> since 4.1 i have simply removed the "root" User from the Host Permissions as mentioned in Method 3 here to recreate 4.0 Lockdown Mode in 4.1+.

when it comes to the Startup/Shutdown functionality after looking around i found this post and from that i gathered that i have to have "root" as a User under the Host and Guests for Startup/Shutdown to work.  i've tried adding "root" with either "No access" or "Read-only" to the Host and changing such to "Administrator" for the Guests to Startup/Shutdown but this doesn't work --> only when i have "root" with a Role of "Administrator" under both Host and Guests does it work.  is there just no way to get around this?

Reply
0 Kudos
1 Solution
6 Replies
RobertFIC
Contributor
Contributor
Jump to solution

i'll accept "no there's no way" as an answer and award points to that.  common.  you know you want to take the time to answer for points.

Reply
0 Kudos
Dave_Mishchenko
Immortal
Immortal
Jump to solution

I would start by creating a role with just the ability to power on a VM.  Grant that to root at the host level (i.e. no read or no access role at that level). Login to TSM and run the following command: vim-cmd hostsvc/autostartmanager/autostart If it doesn't work check messages and hostd.log in /var/log for related errors.

RobertFIC
Contributor
Contributor
Jump to solution

thank you for the direction Dave.  appreciate it.  i'll get to trying that out later so for now i'll flag your reply as helpful.

Reply
0 Kudos
RobertFIC
Contributor
Contributor
Jump to solution

alright so far just the Role with the bare minimum Privileges attached given to the "root" User under the Host and Guests fails to achieve the goal.  attached is the hostd.log entries where the VM's name appears.

in addition i've tried adding the following Privileges:

Datastore

     - Update virtual machine files

Scheduled task

     - Run task

Tasks

     - Create task

     - Update task

without any luck.  ideas anyone?

Reply
0 Kudos
RobertFIC
Contributor
Contributor
Jump to solution

Dave,

thank you very much for your help.  mission accomplished.

sorry for not getting back to you sooner.  a veteran Sales Rep of ours knocked a 32" DISPLAYWERKS Samsung touch LCD Monitor off its wall mount onto a couple of newly purchased, configured and shipped HP Tablet PCs...

Reply
0 Kudos