Try something like this
```powershell
Connect-VIServer -Server $vcenter -Credential $AdminCredential | Out-Null

Get-VMHost -PipelineVariable esx |
ForEach-Object -Process {
    # HostAccessManager exposes the host's current lockdown mode
    $accessMgr = Get-View -Id $esx.ExtensionData.ConfigManager.hostAccessManager
    # Only act on hosts that are currently in Normal or Strict lockdown
    if ($accessMgr.LockdownMode -in [VMware.Vim.HostLockdownMode]::lockdownNormal,[VMware.Vim.HostLockdownMode]::lockdownStrict) {
        $accessMgr.ChangeLockdownMode([VMware.Vim.HostLockdownMode]::lockdownDisabled)
    }
}

Disconnect-VIServer -Server $vcenter -Force -Confirm:$false
```
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
Thanks LucD,
Please can you narrow this down to cluster level. For example, enter details like vcenter = VCSA01 and Cluster= Clus01 Username = admin@local password = Password01.
Thanks in Advance
Mo
Change

```powershell
Get-VMHost -PipelineVariable esx |
```

to

```powershell
Get-Cluster -Name Clus01 | Get-VMHost -PipelineVariable esx |
```
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
Like this
```powershell
$vcenter = 'VCSA01'
$Cluster = 'Clus01'
$Username = 'admin@local'
$password = 'Password01'

# Build a PSCredential object from the user name and plaintext password above
$AdminCredential = New-Object System.Management.Automation.PSCredential -ArgumentList $Username, (ConvertTo-SecureString -String $password -AsPlainText -Force)

Connect-VIServer -Server $vcenter -Credential $AdminCredential | Out-Null

# Limit the change to the hosts in the named cluster
Get-Cluster -Name $Cluster | Get-VMHost -PipelineVariable esx |
ForEach-Object -Process {
    $accessMgr = Get-View -Id $esx.ExtensionData.ConfigManager.hostAccessManager
    # Only act on hosts that are currently in Normal or Strict lockdown
    if ($accessMgr.LockdownMode -in [VMware.Vim.HostLockdownMode]::lockdownNormal,[VMware.Vim.HostLockdownMode]::lockdownStrict) {
        $accessMgr.ChangeLockdownMode([VMware.Vim.HostLockdownMode]::lockdownDisabled)
    }
}

Disconnect-VIServer -Server $vcenter -Force -Confirm:$false
```
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
Thanks LucD....GENIUS..!
That works perfectly, disabled the hosts within the cluster. What do I need to change to enable lockdown (Normal)?
Thanks in advance
Mo
Change

```powershell
if ($accessMgr.LockdownMode -in [VMware.Vim.HostLockdownMode]::lockdownNormal,[VMware.Vim.HostLockdownMode]::lockdownStrict) {
    $accessMgr.ChangeLockdownMode([VMware.Vim.HostLockdownMode]::lockdownDisabled)
}
```

to

```powershell
if ($accessMgr.LockdownMode -eq [VMware.Vim.HostLockdownMode]::lockdownDisabled) {
    $accessMgr.ChangeLockdownMode([VMware.Vim.HostLockdownMode]::lockdownNormal)
}
```
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
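
The disable and re-enable steps from this thread combined into one run, as an added example that is not part of any poster's reply: it records each host's lockdown mode, disables it for a maintenance step, and restores the recorded mode in a `finally` block so a failed step does not leave hosts unlocked. The function name `Invoke-WithLockdownDisabled` and its `-Maintenance` script block are hypothetical; the credential is prompted for with `Get-Credential` instead of being stored in the script.

```powershell
# Added example, not code from the thread. Invoke-WithLockdownDisabled and its
# -Maintenance script block are hypothetical names; VCSA01/Clus01 are the thread's samples.
function Invoke-WithLockdownDisabled {
    param(
        [Parameter(Mandatory)] [string] $ClusterName,
        [Parameter(Mandatory)] [scriptblock] $Maintenance   # work to run per host
    )
    $disabled = [VMware.Vim.HostLockdownMode]::lockdownDisabled
    $state = @{}   # host name -> access manager view and the mode found before any change
    try {
        foreach ($esx in Get-Cluster -Name $ClusterName | Get-VMHost) {
            $mgr = Get-View -Id $esx.ExtensionData.ConfigManager.HostAccessManager
            $state[$esx.Name] = @{ Manager = $mgr; Before = $mgr.LockdownMode }
            if ($mgr.LockdownMode -ne $disabled) { $mgr.ChangeLockdownMode($disabled) }
            & $Maintenance $esx
        }
    }
    finally {
        # Runs even when the maintenance step throws: put every touched host back.
        foreach ($name in $state.Keys) {
            $mgr, $before = $state[$name].Manager, $state[$name].Before
            try {
                $mgr.UpdateViewData()   # the view caches LockdownMode; refresh before comparing
                if ($mgr.LockdownMode -ne $before) {
                    $mgr.ChangeLockdownMode($before)
                    $mgr.UpdateViewData()
                }
                [pscustomobject]@{
                    VMHost     = $name
                    Before     = $before
                    After      = $mgr.LockdownMode
                    Exceptions = $mgr.QueryLockdownExceptions() -join ','
                }
            }
            catch { Write-Warning "$name : could not restore lockdown mode: $_" }
        }
    }
}

$cred = Get-Credential -Message 'vCenter account'   # prompt; no password in the script
Connect-VIServer -Server 'VCSA01' -Credential $cred | Out-Null
try {
    Invoke-WithLockdownDisabled -ClusterName 'Clus01' -Maintenance {
        param($esx) Write-Host "maintenance placeholder on $($esx.Name)"
    }
}
finally {
    Disconnect-VIServer -Server 'VCSA01' -Force -Confirm:$false
}
```

The output lists each host's mode before and after the run plus its lockdown exception users, which gives a record to check that no host stayed in `lockdownDisabled`.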
Works like a dreammmmmmmm....!!!!
Thank you for all your help and answering all my queries.
One last question, some of our environments require the domainname\username e.g. (Prod\testuser01). The script returns an error 'user name or password has an invalid format'. But I can manually add the user with the domain in front successfully.
Is a parameter/variable required in the script to allow this?
Thanks
Mo
The error seems to indicate the provided password does not meet the complexity requirements.
I don't see anything about an invalid format.
The format "domain\user" is correct.
You can also try passing "user@domain", that should work as well.
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
Thanks LucD,
I have used a complex password and tried '\' and '@' and get the attached error.
Create User
Key: haTask-ha-folder-root-vim.host.LocalAccountManager.createUser-3465424481
Description: Creates a local user account
Folder:
State: Failed - A specified parameter was not correct: id
Errors:
Please advise.
Thanks in Advance.
Mo
Are you switching back to this thread?
My last reply is in the other thread.
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
Isn't that what the New-VIPermission cmdlet is doing?
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
Thanks LucD,
The requirement for one of the environments is to add domain\username as per the attachment, and I have done this manually via right click manage ---> permissions... Add user and select the role. So I'd like to amend the script to do this.
If I try to add a domain\username via security & users --> users --> add user, I get the error 'Invalid characters found in user name. Please use only alpha-numeric characters.' As discussed previously.
I hope that helps.
Please advise thanks
Many Thanks
Adding Permissions is not the same as adding a user account.
For permissions use the New-VIPermission cmdlet, for adding a user, while connected to an ESXi node, use the New-VMHostAccount cmdlet. This adds a new account on the ESXi node.
The latter only creates local accounts, not AD accounts.
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
Thanks LucD,
What do I need to do to achieve the following in the script:
The requirement for one of the environments is to add domain\username as per the attachment, and I have done this manually via right click manage ---> permissions... Add user and select the role. So I'd like to amend the script to do this.
Thanks
Not sure what more I can tell you.
Use the New-VIPermission cmdlet; on the Principal parameter, use the domain/user notation.
The snippet I gave earlier already contains such a New-VIPermission line.
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference