VMware Cloud Community
daza35
Contributor

Local Account Lockout in ESXi5


Does anyone know if there is a way to enforce local host account lockout in ESXi5 if someone tries too many bad login attempts? I was trying to follow the solution given previously for ESX4 in this thread

https://communities.vmware.com/thread/258163?z=8vjxSS

but as far as I can tell the pam_tally module is not available in ESXi5.

1 Reply
Texiwill
Leadership

Hello,

I think you need to start with a more basic question: why is ANYONE logging directly into vSphere? That should be a break glass situation. Get the users off the management console today. That will solve most if not all these issues. The admins should be using vCenter or the VCLI, not the direct logins. There is no reason for this except to fix hardware related issues which are BREAK GLASS. Need auditing using Hytrust, Thycotic, Xceedium or others of that ilk.

Best regards,
Edward L. Haletky
VMware Communities User Moderator, VMware vExpert 2009, 2010, 2011, 2012, 2013

Author of the books 'VMWare ESX and ESXi in the Enterprise: Planning Deployment Virtualization Servers', Copyright 2011 Pearson Education. 'VMware vSphere and Virtual Infrastructure Security: Securing the Virtual Environment', Copyright 2009 Pearson Education.

Virtualization and Cloud Security Analyst: The Virtualization Practice, LLC -- vSphere Upgrade Saga -- Virtualization Security Round Table Podcast

--
Edward L. Haletky
vExpert XIV: 2009-2023,
VMTN Community Moderator
vSphere Upgrade Saga: https://www.astroarch.com/blogs
GitHub Repo: https://github.com/Texiwill