VMware Cloud Community
Joggid_1981
Contributor
Contributor

Workarounds for VMSA-2020-0026.1 - Multiple removing USB controllers from VM's

Hello,

could you help me with script for removing all types "USB" Controllers from VMs? I found a lot of VMs in our environments and we want to remove it from all VMs.The reason is vulnerability VMSA-2020-0026.1.

David

Reply
0 Kudos
8 Replies
LucD
Leadership
Leadership

This security post only mentions the XHCI USB controllers
So you do not need to remove all USB controllers.

You can do something like this

Get-View -ViewType VirtualMachine -Property Name,'Config.Hardware.Device' -PipelineVariable vm | 
ForEach-Object -Process {
    $spec = New-Object -TypeName VMware.Vim.VirtualMachineConfigSpec

    $vm.Config.Hardware.Device.Where({$_ -is [VMware.Vim.VirtualUSBXHCIController]}) |
    ForEach-Object -Process {
        $devSpec = New-Object -TypeName VMware.Vim.VirtualDeviceConfigSpec
        $devSpec.Device = $_
        $devSpec.Operation = [VMware.Vim.VirtualDeviceConfigSpecOperation]::remove
        $spec.DeviceChange += $devSpec
    }
    if($spec.DeviceChange -ne $null){
        $vm.ReconfigVM($spec)
    }
}

 


Blog: lucd.info  Twitter: @LucD22  Co-author PowerCLI Reference

Joggid_1981
Contributor
Contributor

Excellent!!! Many thanks for this in very short time. 🙂

David

Reply
0 Kudos
sandy8
Contributor
Contributor

thanks for the script. how to run this only for multiple specific VMs like declaring as variable value. Because Get-view i found we can use filter using one VM name but not multiple VMs.

Reply
0 Kudos
LucD
Leadership
Leadership

You can use the filter to select multiple VMs.
Since the right side is a RegEx, you can do.

Get-View -ViewType VirtualMachine -Filter @{Name='vm1|vm2|vm3'}


Blog: lucd.info  Twitter: @LucD22  Co-author PowerCLI Reference

Reply
0 Kudos
sandy8
Contributor
Contributor

any other ways to filter as i need to remove non-prod cluster VMs first which is 30+ and then we remove Prod cluster VMs which is 40+. any possible ways to input the VM names.

 

Thanks for you quick reply 🙂

Reply
0 Kudos
LucD
Leadership
Leadership

When you have the names of the VMs in a variable, you could use the -contains operator.

$vmNames = 'vm1','vm2','vm3'

Get-View -ViewType VirtualMachine | where{$vmNames -contains $_.Name}


Blog: lucd.info  Twitter: @LucD22  Co-author PowerCLI Reference

Reply
0 Kudos
sandy8
Contributor
Contributor

that's perfect , i am able to modify the script for multiple VMs and test it.

Thanks for your inputs 🙂

Reply
0 Kudos
mtnbkr0918
Enthusiast
Enthusiast

Does the VM need to be powered off to remove the controller?

Reply
0 Kudos