I have done quite a long Google search but have not found that command. For Hyper-V there is Set-VMSecurity. Is there something similar for vSphere?
The main goal is to deploy a new VM from the command line with VBS turned on.
Here's how to check in PowerShell:
(Get-VM myVM).extensiondata.config.flags.VbsEnabled
And how to set it:
$vm = Get-VM myVM
$spec = New-Object VMware.Vim.VirtualMachineConfigSpec
$flags = New-Object VMware.Vim.VirtualMachineFlagInfo
$flags.VbsEnabled = $true
$spec.flags = $flags
$vm.ExtensionData.ReconfigVM($spec)
Thanks, but in my setup it does not work.
Exception calling "ReconfigVM" with "1" arguments (0): "Invalid virtual machine configuration. Secure Boot should be enabled when enabling VBS (Virtualization-Based Security). Nested Hardware-Assisted Virtualization should be enabled when enabling VBS (Virtualization-Based Security). VVTD (Intel Virtualization Technology for Directed I/O) should be enabled when enabling VBS (Virtualization-Based Security)"
+$vm.ExtensionData.ReconfigVM($spec)
Probably those 3 features need to be enabled via PowerCLI before enabling VBS. For VVTD, the VvtEnabled flag can probably be used in a similar way, but what about NHAV?
Secure Boot example:
$vm = Get-VM TestVM
$spec = New-Object VMware.Vim.VirtualMachineConfigSpec
# Switch the VM firmware to EFI
$spec.Firmware = [VMware.Vim.GuestOsDescriptorFirmwareType]::efi
$vm.ExtensionData.ReconfigVM($spec)
Moderator: Moved to PowerCLI
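Try it like this:
# Target VM (name taken from the example in the question above)
$vm = Get-VM -Name TestVM
$spec = New-Object VMware.Vim.VirtualMachineConfigSpec
# Prerequisites named in the error message: EFI firmware with Secure Boot,
# nested hardware-assisted virtualization, and VVTD
$spec.Firmware = [VMware.Vim.GuestOsDescriptorFirmwareType]::efi
$spec.NestedHVEnabled = $true
$boot = New-Object VMware.Vim.VirtualMachineBootOptions
$boot.EfiSecureBootEnabled = $true
$spec.BootOptions = $boot
$flags = New-Object VMware.Vim.VirtualMachineFlagInfo
$flags.VbsEnabled = $true
$flags.VvtdEnabled = $true
$spec.Flags = $flags
# Apply all settings in a single reconfigure call
$vm.ExtensionData.ReconfigVM($spec)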
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
Works well!
I had posted a reply here asking how to do this for multiple VMs using a list in a .txt file but I figured out the solution:
foreach ($vmlist in (Get-Content -Path "C:\VMList.txt")) {
    $vm = Get-VM -Name $vmlist
    $spec = New-Object VMware.Vim.VirtualMachineConfigSpec
    $spec.Firmware = [VMware.Vim.GuestOsDescriptorFirmwareType]::efi
    $spec.NestedHVEnabled = $true
    $boot = New-Object VMware.Vim.VirtualMachineBootOptions
    $boot.EfiSecureBootEnabled = $true
    $spec.BootOptions = $boot
    $flags = New-Object VMware.Vim.VirtualMachineFlagInfo
    $flags.VbsEnabled = $true
    $flags.VvtdEnabled = $true
    $spec.Flags = $flags
    $vm.ExtensionData.ReconfigVM($spec)
}
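An added example, not code from any poster in this thread: it audits the four settings the error message names before reconfiguring, and reads the configuration back afterwards to confirm what was stored. The function names `Get-VbsPrerequisite` and `Enable-VbsIfSafe` are hypothetical. As assumptions of this sketch, it skips VMs that are not powered off, and it skips VMs that are not already on EFI firmware rather than switching them, since a guest installed under BIOS firmware will generally not boot after a firmware change.

```powershell
# Hypothetical helper: report the VBS-related settings of one VM.
function Get-VbsPrerequisite {
    param([Parameter(Mandatory)][string]$Name)
    $vm  = Get-VM -Name $Name
    $cfg = $vm.ExtensionData.Config
    [pscustomobject]@{
        Name       = $vm.Name
        PoweredOff = ($vm.PowerState -eq 'PoweredOff')
        Efi        = ($cfg.Firmware -eq 'efi')
        SecureBoot = [bool]$cfg.BootOptions.EfiSecureBootEnabled
        NestedHV   = [bool]$cfg.NestedHVEnabled
        Vvtd       = [bool]$cfg.Flags.VvtdEnabled
        Vbs        = [bool]$cfg.Flags.VbsEnabled
    }
}

# Hypothetical helper: enable VBS and its prerequisites only when it is safe to.
function Enable-VbsIfSafe {
    param([Parameter(Mandatory)][string]$Name)
    $state = Get-VbsPrerequisite -Name $Name
    if ($state.Vbs)             { return "${Name}: VBS already enabled" }
    if (-not $state.PoweredOff) { return "${Name}: skipped, VM is not powered off" }
    if (-not $state.Efi)        { return "${Name}: skipped, firmware is not EFI" }

    # Same properties as in the thread, minus the firmware switch.
    $boot = New-Object VMware.Vim.VirtualMachineBootOptions
    $boot.EfiSecureBootEnabled = $true
    $flags = New-Object VMware.Vim.VirtualMachineFlagInfo
    $flags.VbsEnabled  = $true
    $flags.VvtdEnabled = $true
    $spec = New-Object VMware.Vim.VirtualMachineConfigSpec
    $spec.NestedHVEnabled = $true
    $spec.BootOptions     = $boot
    $spec.Flags           = $flags
    (Get-VM -Name $Name).ExtensionData.ReconfigVM($spec)

    # Re-read the configuration and report what was actually stored.
    $after = Get-VbsPrerequisite -Name $Name
    "${Name}: VBS=$($after.Vbs) SecureBoot=$($after.SecureBoot) " +
        "NestedHV=$($after.NestedHV) Vvtd=$($after.Vvtd)"
}

# Usage with the same list file as in the thread (one VM name per line).
Get-Content -Path 'C:\VMList.txt' | ForEach-Object { Enable-VbsIfSafe -Name $_ }
```

Running `Get-VbsPrerequisite` alone across the inventory gives a read-only audit of which VMs still lack Secure Boot or VBS.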