ron9999
Contributor
Contributor

Read security settings with PowerCLI

Hello together.

Is it possible to read the security settings from an ESX host and a Virtual Center Server over a PowerCLI Script?

My idea is to run a script over the whole environment and read all security settings such local user password aging, an overview of all local account of an ESX Host, all roles with set privileges and the assigned Active directory groups and other settings.

Is this possible?

Thanks for any input.

Regards

ron999

0 Kudos
3 Replies
LucD
Leadership
Leadership

For the permissions and roles you can use respectively the Get-VIRole and Get-VIPermission cmdlets.

To see the privileges use the Get-Privilege cmdlet.

Local accounts can be retrieved with the Get-VMHostAccount cmdlet.

For password aging of local accounts on ESX servers you will have to retrieve the /etc/login.defs file.

You could use plink.exe from the PuTTY Suite for that.

____________

Blog: LucD notes

Twitter: lucd22


Blog: lucd.info  Twitter: @LucD22  Co-author PowerCLI Reference

0 Kudos
ron9999
Contributor
Contributor

Hi LucD.

Thank you for the information. The backround of my request is to create an script for our SAS 70 II Audit to check the whole VMware environment with the parameter i asked and something more. At the moment i have no idea how i can start the script. Maybe someone else has a script that do the job I'm searching for.

0 Kudos
LucD
Leadership
Leadership

An easy entry would be to use the VMware Community PowerPack for PowerGui or vEcoShell which allows you to report on permissions, roles and privileges.

____________

Blog: LucD notes

Twitter: lucd22


Blog: lucd.info  Twitter: @LucD22  Co-author PowerCLI Reference

0 Kudos