Lockdown Mode 6.5 Exception Users List

unsichtbare · ‎09-12-2017

The exception Users List in 6.5 seems completely useless. My exception user is also an administrator in global privileges

I have tested in normal lockdown mode:

root can not ssh
root can DCUI
exception user can not ssh
exception user can not DCUI

In strict lockdown:

SSH and DCUI will not authenticate

Can someone suggest or demonstrate what the exception users list does in 6.5?

THX

+The Invisible Admin+ If you find me useful, follow my blog: http://johnborhek.com/

AishR · ‎09-19-2017

Exception users do not lose their privileges when the host enters lockdown mode. We can use the Exception User list to add the accounts of third-party solutions and external applications like backup agents that need to have access to ESXi host directly when the host is in lockdown mode. For more information, see vSphere 6.0 Lockdown Mode Exception Users - VMware vSphere Blog

unsichtbare · ‎09-21-2017

So why then can a administrator user on the exception list not use SSH, like it says in the article you identified?:

Only users on the Exception List can log into the ESXi server. And only Exception Users that are administrators can log in via SSH! Here you’ll see that accessing the host via PowerCLI will provide the list of local users on the ESXi host.

+The Invisible Admin+ If you find me useful, follow my blog: http://johnborhek.com/

All

Lockdown Mode 6.5 Exception Users List