LucD
Leadership
Leadership

The  UpdateLockdownExceptions replaces the current list, so you will have to it in 1 go.
Something like this.
It assumes you are connected to the vCenter and that you update the exception list for all ESXi nodes.
You can limit the Get-VMHost eventually to filter but a few ESXi nodes.

$user = 'root'
$pswd = 'VMware1!'

$cred = New-Object -TypeName PSCredential -ArgumentList ($user,(ConvertTo-SecureString -String $pswd -Force -AsPlainText))

Get-VMHost -PipelineVariable esx|
ForEach-Object -Process {
	Write-Host "Looking at $($esx.Name)"
	$esxSrv = Connect-VIServer -Server $esx.Name -Credential $cred

	$accMgr = Get-View -Id $esx.ExtensionData.ConfigManager.HostAccessManager
	$names = Get-VMHostAccount -Server $esxSrv | Select -ExpandProperty Name
	$currentUsers = $accMgr.QueryLockdownExceptions()
	$accMgr.UpdateLockdownExceptions($names + $currentUsers)

	# Check
	$accMgr.QueryLockdownExceptions()

	Disconnect-VIServer -Server $esxSrv -Confirm:$false
}

 


Blog: lucd.info  Twitter: @LucD22  Co-author PowerCLI Reference

View solution in original post

Reply
0 Kudos