Read security settings with PowerCLI

ron9999 · ‎10-11-2010

Hello together.

Is it possible to read the security settings from an ESX host and a Virtual Center Server over a PowerCLI Script?

My idea is to run a script over the whole environment and read all security settings such local user password aging, an overview of all local account of an ESX Host, all roles with set privileges and the assigned Active directory groups and other settings.

Is this possible?

Thanks for any input.

Regards

ron999

LucD · ‎10-11-2010

For the permissions and roles you can use respectively the Get-VIRole and Get-VIPermission cmdlets.

To see the privileges use the Get-Privilege cmdlet.

Local accounts can be retrieved with the Get-VMHostAccount cmdlet.

For password aging of local accounts on ESX servers you will have to retrieve the /etc/login.defs file.

You could use plink.exe from the PuTTY Suite for that.

____________

Blog: LucD notes

Twitter: lucd22

Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference

ron9999 · ‎10-12-2010

Hi LucD.

Thank you for the information. The backround of my request is to create an script for our SAS 70 II Audit to check the whole VMware environment with the parameter i asked and something more. At the moment i have no idea how i can start the script. Maybe someone else has a script that do the job I'm searching for.

LucD · ‎10-12-2010

An easy entry would be to use the VMware Community PowerPack for PowerGui or vEcoShell which allows you to report on permissions, roles and privileges.

____________

Blog: LucD notes

Twitter: lucd22

Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference

All

Read security settings with PowerCLI