Thanks LUCD,

I have two queries

1) Need ur help as I want to harden specific VMs not all VMs then how I can do the same

2) in VMX if Remote.Display is set as 10 and if run this script will it change the value to 2 or it will keep both entry ??? my concern is if I need it should replace the value instead of creating duplicate entry.

need ur assistance on the same

regards

Mr VMware

1) How do you want to select those specific VMs ?

Based on the VM name, their membership of a cluster, datacenter... ?

2) A powered on VM has a copy of the VMX entries in memory.

That is the reason why William's post stresses the fact the you need to power off/on the VM to activate the new setting.

So the entry in the VMX file will change, no double entries, but to activate the new setting, a VM power off/on is required.

I want to filter my VMs by Annotations i.e. Exclude /Prod / STG etc, instead of giving VMname .

and u mean  to say that if we run this script if parameter already exist then it will replace with new Value, correct me if I am wrong.

previously manually I was adding the hardening parameter , after doing change if I try to poweron it say VMX file contain duplicate entry and VM icon change to orphan , hence i want to confirm if entry already exist then it should replace existing value

regards

Mr VMware

See your other thread on how to filter VMs based on annotations, see Re: How to capture CPU Memory DISk and Network utilzation for Specific set of VMs

Yes, it will replace the value.

But it requires a VM power off/on to activate the new setting

Sorry LUCD,

Request you to share the complete script on this thread as everytime I m doing some mistakes
sorry for the inconvenience caused.

sorry friend

Try something like this

It assumes that the settings are in a CSV file in the format

Name,Value
isolation.tools.diskWiper.disable,TRUE
isolation.tools.diskShrink.disable,TRUE

In my experience and VMware support confirmed this applying these settings through PowerCLI does NOT require a power off and on of the virtual machine for them to take effect.  For example an easy one to test with is the RemoteDisplay.maxConnections setting which will limit the number of console connections immediately if changed through PowerCLI.

Are you sure VMware Support confirmed this to be valid for all advanced settings ?

I thought some required a power off/on, but I would love to be proven wrong in this case :smileygrin:

William's post seems to confirm the power off/on requirement

They didn't mention any specific settings that would not but it was more of a general statement that when done through PowerCLI that the shutdown was not required.  I too thought the shutdown was required and during testing stuff was getting applied right away so I called and asked so I assume William's post is possibly just out of date since it is a few years old and because his statement was pretty definitive and I know the opposite is true with at least some of the settings.

I haven't tried this but I assume if you could edit the vmx file online and pulled the VMs advanced settings through PowerCLI they would not show up as changed since it's pulling that info from vCenter I believe.  And doing it through PowerCLI is changing it on the vCenter side and the VM side?

I have tried to to run above script getting below error.

PowerCLI C:\tmp> .\hard.ps1
Get-Annotation : 9/18/2014 5:39:20 AM    Get-Annotation        Could not find
AnnotationInterop with Name 'Project'.
At C:\tmp\hard.ps1:5 char:34
+ foreach($vm in (Get-VM | where {(Get-Annotation -Entity $_ -Name Project |
Selec ...
+                                  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : ObjectNotFound: (Project:String) [Get-Annotation
   ], VimException
    + FullyQualifiedErrorId : Common_CommonUtil_FilterCollection_ObjectNotFoun
   d,VMware.VimAutomation.ViCore.Cmdlets.Commands.GetAnnotation

Get-Annotation : 9/18/2014 5:39:20 AM    Get-Annotation        Could not find
AnnotationInterop with Name 'Project'.
At C:\tmp\hard.ps1:5 char:34
+ foreach($vm in (Get-VM | where {(Get-Annotation -Entity $_ -Name Project |
Selec ...
+                                  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : ObjectNotFound: (Project:String) [Get-Annotation
   ], VimException
    + FullyQualifiedErrorId : Common_CommonUtil_FilterCollection_ObjectNotFoun
   d,VMware.VimAutomation.ViCore.Cmdlets.Commands.GetAnnotation

Get-Annotation : 9/18/2014 5:39:20 AM    Get-Annotation        Could not find
AnnotationInterop with Name 'Project'.
At C:\tmp\hard.ps1:5 char:34
+ foreach($vm in (Get-VM | where {(Get-Annotation -Entity $_ -Name Project |
Selec ...
+                                  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : ObjectNotFound: (Project:String) [Get-Annotation
   ], VimException
    + FullyQualifiedErrorId : Common_CommonUtil_FilterCollection_ObjectNotFoun
   d,VMware.VimAutomation.ViCore.Cmdlets.Commands.GetAnnotation

need ur help to resolve...

regards

Mr VMware

Apparently there are some VMs that do not have the annotation "Project".

This is the same issue you reported in your thread, did you already the script I gave there (see Re: How to capture CPU Memory DISk and Network utilzation for Specific set of VMs