VMware Cloud Community
tkutil
Enthusiast
Enthusiast
‎11-30-2018 06:40 AM

Disabling Root on ESXi

For security reasons we'd like to disable root or at least change the role.

Is there anything I need to do or look out for?

This is what I have done so far...

  1. I have already created another account and assigned it to the administrator role.
  2. I enabled active directory authentication.
  3. I removed and re-added my esxi hosts using the new local admin account.

TIA

Troy

Tags (2)
Reply
0 Kudos
2 Replies
EricChigoz
Enthusiast
Enthusiast
‎11-30-2018 07:07 AM

Hello,

see if this helps:

Security Hardening Guides - VMware Security

Find this helpful? Please award points. Thank you !
Reply
0 Kudos
sk84
Expert
Expert
‎11-30-2018 07:07 AM

It is not recommended to delete the root user.

But you can assign another role to the root account. For example, "read-only" oder "no access". But first you should have assigned the administrator role on root level to another user.

You can also configure lockdown mode for your ESXi hosts, so that only specific users can login via shell or dcui. This prevents the root account from being used for external logins.

--- Regards, Sebastian VCP6.5-DCV // VCP7-CMA // vSAN 2017 Specialist Please mark this answer as 'helpful' or 'correct' if you think your question has been answered correctly.
Reply
0 Kudos