Hi,
I wonder if somebody can help. With the code below I am able to change the lockdown mode on the ESXi host, but I am not able to get the script to list the local users on the ESXi host and get those added to the exception list.
Just wondering if a foreach is needed to get this done (second line from bottom).
Thanks in advance
    Connect-VIServer -Server vcenter_username -User -password
    $hosts = Get-VMHost
    Foreach ($vmhost in $hosts) {
        $status = (Get-VMHost -name $vmhost).ExtensionData.Config.LockdownMode # checks lockdown mode
        Write-Host "$status is set on $vmhost"
        if ($status -eq "lockdownDisabled") {
            (Get-VMHost $vmhost | Get-View).EnterLockdownMode() # sets lockdown mode to enabled.
            Write-Host "Lockdown is now set to enabled on $vmhost"
        }
        else{
            Write-Host "Lockdown is already set to enabled on $vmhost"
        }
        $HostAccess = Get-View -Id $vmhost.ExtensionData.ConfigManager.HostAccessManager
        $currentUsers = $HostAccess.QueryLockdownExceptions()
        $newUsers = $currentUsers + $username
        foreach ($user in $newusers) {
            $HostAccess.UpdateLockdownExceptions($newuser)}
    }
The UpdateLockdownExceptions replaces the current list, so you will have to do it in 1 go.
Something like this.
It assumes you are connected to the vCenter and that you update the exception list for all ESXi nodes.
You can eventually limit the Get-VMHost with a filter to just a few ESXi nodes.
    $user = 'root'
    $pswd = 'VMware1!'
    $cred = New-Object -TypeName PSCredential -ArgumentList ($user,(ConvertTo-SecureString -String $pswd -Force -AsPlainText))
    Get-VMHost -PipelineVariable esx |
    ForEach-Object -Process {
        Write-Host "Looking at $($esx.Name)"
        # Connect directly to the ESXi node to read its local accounts
        $esxSrv = Connect-VIServer -Server $esx.Name -Credential $cred
        $accMgr = Get-View -Id $esx.ExtensionData.ConfigManager.HostAccessManager
        $names = Get-VMHostAccount -Server $esxSrv | Select-Object -ExpandProperty Name
        $currentUsers = $accMgr.QueryLockdownExceptions()
        # The update replaces the list, so send local accounts plus existing exceptions in one call.
        # @() keeps this an array join when only one name comes back; empty entries are dropped.
        $all = @(@($names) + @($currentUsers) | Where-Object { $_ })
        $accMgr.UpdateLockdownExceptions($all)
        # Check
        $accMgr.QueryLockdownExceptions()
        Disconnect-VIServer -Server $esxSrv -Confirm:$false
    }
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
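The merge-then-replace step from the answer above, as an added example that is not part of the original thread: it builds the complete exception list first, shows which accounts would newly keep access while the host is in lockdown mode, and only then makes the single `UpdateLockdownExceptions` call. The helper names, the exact-case comparison and the stand-in object are assumptions made for the example.

```powershell
# Added example; Merge-LockdownException and Add-LockdownException are hypothetical helper names.
function Merge-LockdownException {
    param(
        [string[]]$Current,   # what QueryLockdownExceptions() returned (may be $null or one name)
        [string[]]$Add        # accounts to append
    )
    # Exact (case-sensitive) matching is an assumption; it never drops a distinct account.
    $seen   = [System.Collections.Generic.HashSet[string]]::new([System.StringComparer]::Ordinal)
    $merged = [System.Collections.Generic.List[string]]::new()
    foreach ($name in (@($Current) + @($Add))) {
        if ([string]::IsNullOrWhiteSpace($name)) { continue }   # skip $null and empty entries
        if ($seen.Add($name.Trim())) { $merged.Add($name.Trim()) }
    }
    $added = @($merged | Where-Object { @($Current) -cnotcontains $_ })
    [pscustomobject]@{
        Users   = $merged.ToArray()       # complete list to send in one call
        Added   = $added                  # accounts that would newly become exceptions
        Changed = ($added.Count -gt 0)
    }
}

function Add-LockdownException {
    param([Parameter(Mandatory)]$AccessManager, [string[]]$Add, [switch]$Apply)
    $plan = Merge-LockdownException -Current ($AccessManager.QueryLockdownExceptions()) -Add $Add
    if ($Apply -and $plan.Changed) {
        $AccessManager.UpdateLockdownExceptions($plan.Users)   # replaces the whole list
    }
    $plan
}

# Constructed stand-in for the HostAccessManager view, so the example runs without a host.
$fake = [pscustomobject]@{ List = [string[]]@('svc-backup') }
$fake | Add-Member -MemberType ScriptMethod -Name QueryLockdownExceptions -Value { $this.List }
$fake | Add-Member -MemberType ScriptMethod -Name UpdateLockdownExceptions -Value {
    param([string[]]$users) $this.List = $users
}

# Constructed account names: preview first, then apply the reviewed additions in one call.
$preview = Add-LockdownException -AccessManager $fake -Add 'root', 'dcui', 'svc-backup'
$preview.Added | ForEach-Object { Write-Host "would add: $_" }
$null = Add-LockdownException -AccessManager $fake -Add $preview.Added -Apply
$fake.QueryLockdownExceptions()
```

Against a real host, pass the `$accMgr` view from the answer as `-AccessManager` and `$names` as `-Add`.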
That worked a treat, thank you so much for your help. I managed to get the exception list updated with the names.