VMware Cloud Community
mark_chuman
Hot Shot

Script to Change vSwitch Security Settings

Going to start working on this script, but if anyone knows of one, I would be interested. Trying to create a script that changes the vSwitch security settings "MAC Address Changes" and "Forged Transmits" to "Reject" for all vSwitches on the host. I'd like the script to look to a csv file with a list of ESX servers, so the script should authenticate directly to the ESX server. Thank you.

14 Replies
LucD
Leadership

Have a look at my script in How to set network security of "AllowPromiscuous","MacChanges" and "ForgedTransmits"

It shows how to change the settings for portgroups, but vSwitches follow the same principle.

Just use the UpdateVirtualSwitch method instead.

How do you intend to provide the input in the CSV ?

The name of switch and the host and then the desired security settings ?


Blog: lucd.info  Twitter: @LucD22  Co-author PowerCLI Reference

mark_chuman
Hot Shot

Thanks. The security setting is static (Reject/False), so that can be a detail within the script, but I intend on simply providing a csv file with a list of host names. Also, the vSwitch names will not be in the csv as those as well can be covered in the script logic (change setting on all vSwitches).

Thanks

LucD
Leadership

Try something like this

Import-Csv "C:\esxnames.csv" -UseCulture | %{
    # Look up the host object, then its NetworkSystem manager (this assumes an open PowerCLI session)
    $esx = Get-View -ViewType HostSystem -Filter @{"Name"=$_.Name}
    $NetworkSystem = Get-View $esx.ConfigManager.NetworkSystem
    foreach ($sw in $NetworkSystem.Networkconfig.Vswitch){
        # $false on each policy flag corresponds to "Reject" in the vSphere Client
        $swspec = $sw.spec
        $swspec.policy.security.AllowPromiscuous=$false
        $swspec.policy.security.ForgedTransmits=$false
        $swspec.policy.security.MacChanges=$false
        $NetworkSystem.UpdateVirtualSwitch($sw.name,$swspec)
    }
}

It assumes your CSV file looks like this

Name

host1

host2

host3


mark_chuman
Hot Shot

Thank you.

Is there any way you can integrate a portion that prompts for the ESX root password and then adjust the script to login locally to each ESX server to perform the changes?

I am thinking code like this:

write-host "Enter the root password"
$rootpassword = Read-Host
connect-viserver $esx -user root -password $rootpassword

LucD
Leadership

Sure, try something like this

Import-Csv "C:\esxnames.csv" -UseCulture | %{
    $rootpassword = Read-Host -AsSecureString -Prompt ("Enter the root password for " + $_.Name)
    # Connect-VIServer's -Password parameter takes plain text, so hand the SecureString over as a credential instead
    $cred = New-Object System.Management.Automation.PSCredential("root", $rootpassword)
    Connect-VIServer $_.Name -Credential $cred
    $esx = Get-View -ViewType HostSystem -Filter @{"Name"=$_.Name}
    $NetworkSystem = Get-View $esx.ConfigManager.NetworkSystem
    foreach ($sw in $NetworkSystem.Networkconfig.Vswitch){
        $swspec = $sw.spec
        $swspec.policy.security.AllowPromiscuous=$false
        $swspec.policy.security.ForgedTransmits=$false
        $swspec.policy.security.MacChanges=$false
        $NetworkSystem.UpdateVirtualSwitch($sw.name,$swspec)
    }
    Disconnect-VIServer -Server $_.Name -Confirm:$false
}



mark_chuman
Hot Shot
Hot Shot
Jump to solution

Can't wait until all of our ESX servers are upgraded past 3.5.  Then I can upgrade our PowerCLI version.  Looks like 4.0 / U1 PowerCLI doesn't have import-csv - http://www.vmware.com/support/developer/windowstoolkit/wintk40u1/html/.

LucD
Leadership

The Import-Csv cmdlet doesn't belong to PowerCLI, it is a standard PowerShell cmdlet.

Are you sure you don't have it ?


mark_chuman
Hot Shot

NM. That isn't the problem. The cmdlet populates fine from console. When I run the script it quickly returns back to the prompt. Trying to look through now to see what the problem is.

mark_chuman
Hot Shot

I was only testing with one server name - located in the first line of the csv file :). Got that part. Last one on this. Any way to have it use the password provided for all the servers and not prompt on each server for root password?

LucD
Leadership

Yes, you need a header line in the CSV file :)

Move the prompt outside the loop, something like this

$rootpassword = Read-Host -AsSecureString -Prompt "Enter the root password"
# Connect-VIServer's -Password parameter takes plain text, so hand the SecureString over as a credential instead
$cred = New-Object System.Management.Automation.PSCredential("root", $rootpassword)

Import-Csv "C:\esxnames.csv" -UseCulture | %{
    Connect-VIServer $_.Name -Credential $cred
    $esx = Get-View -ViewType HostSystem -Filter @{"Name"=$_.Name}
    $NetworkSystem = Get-View $esx.ConfigManager.NetworkSystem
    foreach ($sw in $NetworkSystem.Networkconfig.Vswitch){
        $swspec = $sw.spec
        $swspec.policy.security.AllowPromiscuous=$false
        $swspec.policy.security.ForgedTransmits=$false
        $swspec.policy.security.MacChanges=$false
        $NetworkSystem.UpdateVirtualSwitch($sw.name,$swspec)
    }
    Disconnect-VIServer -Server $_.Name -Confirm:$false
}



mark_chuman
Hot Shot

Perfect. Thanks again.

Matt_B1
Enthusiast

Thanks, I modified this and used it to address the VMware Security Hardening Guide for 2 of the recommendations. I included the ability to exclude specified port groups from being modified to address VMs that use MSCS for example. I also save the original settings to a CSV file.

            
# Inputs the script relies on (values here are placeholders, fill in your own)
$cluster     = "MyCluster"             # cluster whose hosts are processed
$excludedPGs = @("MSCS-Heartbeat")     # port groups left untouched, e.g. for MSCS VMs
$output_file = "C:\vSwitchSecurity-original.csv"
$report      = @()

$ObjAllHosts = Get-Cluster -Name $cluster | Get-VMHost | sort Name
$ObjAllHosts | %{
    # $_ is a VMHost object here, so filter on its Name property
    $esx = Get-View -ViewType HostSystem -Filter @{"Name"=$_.Name}
    $NetworkSystem = Get-View $esx.ConfigManager.NetworkSystem
    foreach ($sw in $NetworkSystem.Networkconfig.Vswitch){
        $swspec = $sw.spec

        #Save original settings
        $row = "" | Select Host, vSwitch, PG, ForgedTransmits, MacChanges
        $row.Host = $esx.Name
        $row.vSwitch = $sw.Name
        $row.PG = "default"
        $row.ForgedTransmits = $swspec.policy.security.ForgedTransmits
        $row.MacChanges = $swspec.policy.security.MacChanges
        $report += $row

        $swspec.policy.security.ForgedTransmits=$false
        $swspec.policy.security.MacChanges=$false

        #Import new settings
        $NetworkSystem.UpdateVirtualSwitch($sw.name,$swspec)
    }
    foreach ($pg in $NetworkSystem.Networkconfig.PortGroup){
        if($excludedPGs -notcontains $pg.Spec.Name){
            $pgspec = $pg.spec
            # A port group that inherits everything from its vSwitch has no security block yet
            if ($null -eq $pgspec.policy.security) {
                $pgspec.policy.security = New-Object VMware.Vim.HostNetworkSecurityPolicy
            }

            #Save original settings
            $row = "" | Select Host, vSwitch, PG, ForgedTransmits, MacChanges
            $row.Host = $esx.Name
            $row.vSwitch = $pg.Spec.VswitchName   # the port group's own switch, not the last $sw of the loop above
            $row.PG = $pg.Spec.Name
            $row.ForgedTransmits = $pgspec.policy.security.ForgedTransmits
            $row.MacChanges = $pgspec.policy.security.MacChanges
            $report += $row

            $pgspec.policy.security.forgedTransmits=$false
            $pgspec.policy.security.macChanges=$false

            #Import new settings
            $NetworkSystem.UpdatePortgroup($pgspec.name,$pgspec)
        }
    }
}
$report | Export-Csv $output_file -NoTypeInformation
Invoke-Item $output_file
yatinshah
Contributor
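A read-only audit to run before or after the change scripts above, added here as an example (it is not code from the thread, from PowerCLI's documentation or from the Hardening Guide). It reports every standard vSwitch and port group that still accepts promiscuous mode, MAC changes or forged transmits, and unlike the scripts above it resolves inheritance: a port group's security fields are $null when it inherits them from its vSwitch. It assumes an open Connect-VIServer session and the thread's CSV layout with a Name column; Get-EffectiveSecurity is my own function name.

```powershell
# Added example (not from the thread): read-only audit of the effective
# security policy on every standard vSwitch and port group of each host.
# Assumes an existing PowerCLI session and a CSV with a "Name" column.
$csvPath = "C:\esxnames.csv"    # assumption: same layout as in the thread

function Get-EffectiveSecurity {
    param($PortGroupPolicy, $SwitchPolicy)
    # A port group field is $null when it inherits from the vSwitch,
    # so fall back to the switch value for each of the three settings.
    $result = @{}
    foreach ($name in 'AllowPromiscuous','MacChanges','ForgedTransmits') {
        $value = $null
        if ($PortGroupPolicy) { $value = $PortGroupPolicy.$name }
        if ($null -eq $value) { $value = $SwitchPolicy.$name }
        $result[$name] = $value
    }
    return $result
}

$findings = foreach ($entry in Import-Csv $csvPath -UseCulture) {
    # -Filter is a regex match; anchor and escape so host1 does not also match host10
    $esx = Get-View -ViewType HostSystem -Filter @{"Name"="^$([regex]::Escape($entry.Name))$"}
    if (-not $esx) { Write-Warning "Host $($entry.Name) not found"; continue }
    $netSys   = Get-View $esx.ConfigManager.NetworkSystem
    $switches = @{}
    foreach ($sw in $netSys.NetworkConfig.Vswitch) {
        $sec = $sw.Spec.Policy.Security
        $switches[$sw.Name] = $sec
        [pscustomobject]@{
            Host = $esx.Name; Object = "vSwitch $($sw.Name)"
            AllowPromiscuous = $sec.AllowPromiscuous
            MacChanges       = $sec.MacChanges
            ForgedTransmits  = $sec.ForgedTransmits
        }
    }
    foreach ($pg in $netSys.NetworkConfig.PortGroup) {
        $eff = Get-EffectiveSecurity $pg.Spec.Policy.Security $switches[$pg.Spec.VswitchName]
        [pscustomobject]@{
            Host = $esx.Name; Object = "PortGroup $($pg.Spec.Name)"
            AllowPromiscuous = $eff.AllowPromiscuous
            MacChanges       = $eff.MacChanges
            ForgedTransmits  = $eff.ForgedTransmits
        }
    }
}
# $true means "Accept"; list only the objects that still accept one of the three
$findings | Where-Object { $_.AllowPromiscuous -or $_.MacChanges -or $_.ForgedTransmits } |
    Format-Table -AutoSize
```

Pipe $findings to Export-Csv instead of Format-Table to keep a compliance record alongside the "original settings" file Matt_B1's script writes.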

I have tried this script, but I am getting the following error:

[Error Start]

Import-Csv : The input object cannot be bound to any parameters for the command either because the command does not take pipeline input or the input and its
properties do not match any of the parameters that take pipeline input.
At C:\Users\abcd\Documents\vSwitchSeucrityConfig.ps1:2 char:1
+ Import-Csv "C:\Users\abcd\Documents\HostNames.csv" -UseCulture | %{
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidArgument: (VMware.Vim.VirtualMachine:PSObject) [Import-Csv], ParameterBindingException
    + FullyQualifiedErrorId : InputObjectNotBound,Microsoft.PowerShell.Commands.ImportCsvCommand

[Error End]

Can anyone help me?

LucD
Leadership

I would need to see the complete script you are using.
Can you attach it?

