Thanks LucD, Please can you narrow this down to cluster level. For example, enter details like vcenter = VCSA01 and Cluster= Clus01 Username = admin@local password = Password01. Thanks in Advance Mo
Thanks LucD, Is the a sperate small script available I can run to disable/enable the lockdown mode in the environment using the vcenter. Thanks in advance. Mo
Hi LucD, Perfect, the above works perfectly. I have found the cluster has all the hosts in lockdown mode (Normal) and I need to manually disable the lockdown mode for the script to access the host a...
See more...
Hi LucD, Perfect, the above works perfectly. I have found the cluster has all the hosts in lockdown mode (Normal) and I need to manually disable the lockdown mode for the script to access the host and run accordingly. Is there anyway of adding in the script to disable lockdown mode, run the script and enable lockdown mode at the end. I assume you will need to access the vCenter. Happy to add in the vCenter name. Please advise. Many Thanks
Hi LucD, Apologies, I was making a silly mistake when editing the script. As always all works like a dream...you Da Genius. If I want to add two users at the same time (testuser1 and testuser2) ca...
See more...
Hi LucD, Apologies, I was making a silly mistake when editing the script. As always all works like a dream...you Da Genius. If I want to add two users at the same time (testuser1 and testuser2) can I do this on the same script or do i need to run the script twice changing the newuser field. And will have to add the below somewhere in the above script aswell I assume. $HostAccess = Get-View -Id $vmhost.ExtensionData.ConfigManager.HostAccessManager $currentUsers = $HostAcces.QueryLockdownExceptions() $newUsers = $currentUsers + $username $HostAccess.UpdateLockdownExceptions($newUsers)
Hi LucD, Its strange we don't see an error for not adding to the exceptions list. When we try the attached script, it creates the user and adds it to the exception list, but doesn't create the role....
See more...
Hi LucD, Its strange we don't see an error for not adding to the exceptions list. When we try the attached script, it creates the user and adds it to the exception list, but doesn't create the role. Can we use the commands for adding to the exceptions list from the attached and add it to the above script you have created. Then we can test if it works.
Hi LucD, Thank you for the above, the script creates the role with the correct permissions but fails to create the user and add the user to the exception users list in lockdown mode. See attached e...
See more...
Hi LucD, Thank you for the above, the script creates the role with the correct permissions but fails to create the user and add the user to the exception users list in lockdown mode. See attached errors for your reference. Please advise and let me know if I am doing something wrong. Thanks in advance.
Hi LucD, I have managed to edit the script as follows and got it working, but the following is not working: 1. Adding to exception user list is not working 2. Disable the lockdown mode, add the us...
See more...
Hi LucD, I have managed to edit the script as follows and got it working, but the following is not working: 1. Adding to exception user list is not working 2. Disable the lockdown mode, add the user and enable it again. (disable and enable commands missing) $newUser = "testuser" $newPassword = "Password123" $roleName = "testing" $privileges = 'Authorization.ModifyPermissions', 'Host.Config.SystemManagement', 'Host.Local.ManageUserGroups' Import-Csv "C:\Temp\Mo\hosts.csv" | ForEach-Object { $srv = Connect-VIServer -Server $_.Hostname -User 'root' -Password 'Password1234' $priv = Get-VIPrivilege | Where-Object { $_.Id -in $privileges} $role = Get-VIRole -Name $roleName -ErrorAction SilentlyContinue if (!$role) { $role = New-VIRole -Name $roleName -Privilege $priv -Server $srv -Confirm:$false } $account = Get-VMHostAccount -Id $newUser -ErrorAction SilentlyContinue if ($account) { Set-VMHostAccount -UserAccount $account -Password $newPassword } else { New-VMHostAccount -Id $newUser -Password $newPassword -GrantShellAccess:$true ` -AssignGroups 'root' -Description 'Test user creation' -UserAccount -Server $srv } $folder = Get-Folder -Name "root" -Server $srv $perm = Get-VIPermission -Entity $folder -Principal $newUser -ErrorAction SilentlyContinue if (!$perm) { New-VIPermission -Entity $folder -Principal $newUser -Role $role -Server $srv -Propagate $true -Confirm:$false } else { Set-VIPermission -Permission $perm -Role $role -Propagate } # Add user to lockdown exceptions $esx = Get-VMHost $accessMgr = Get-View $esx.ExtensionData.ConfigManager.HostAccessManager $accessMgr.UpdateLockdownExceptions($account) Disconnect-VIServer -Server $srv -Confirm:$false } Please can you do your magic
Thanks LucD, I have force disconnected the vcsa connections and re-run the script. Version of vCenter is 6.7 18485185 Host is VMware ESXi, 6.7.0, 16316930. I now get the attached error. Please...
See more...
Thanks LucD, I have force disconnected the vcsa connections and re-run the script. Version of vCenter is 6.7 18485185 Host is VMware ESXi, 6.7.0, 16316930. I now get the attached error. Please advise Thanks
Hi LucD, I hope your well, I have found the following script and wish to replace the 'datastore.browse' privilege with the following: Root>Authorisation>ModifyPermissions Root>Host>Config> System...
See more...
Hi LucD, I hope your well, I have found the following script and wish to replace the 'datastore.browse' privilege with the following: Root>Authorisation>ModifyPermissions Root>Host>Config> SystemManagement Root>Host>Local> ManageUserGroups Root>System>All Do I add a line for each of the above or is there an easier way. Please advise and feel free to edit your script $newUser = "newuser1" $newPassword = "Password123" $roleName = "test_role" Import-Csv "C:\Temp\Mo\hosts.csv" | %{ $srv = Connect-VIServer -Server $_.Hostname -User 'root' -Password 'rootpassword' $priv = Get-VIPrivilege -Server $srv | where {$_.Id -eq "Datastore.Browse"} $role = Get-VIRole -Name $roleName -ErrorAction SilentlyContinue if(!$role){ $role = New-VIRole -Name $roleName -Privilege $priv -Server $srv -Confirm:$false } $account = Get-VMHostAccount -Id $newUser -ErrorAction SilentlyContinue if($account){ Set-VMHostAccount -UserAccount $account -Password $newPassword } else{ New-VMHostAccount -Id $newUser -Password $newPassword -GrantShellAccess:$true ` -AssignGroups 'root' -Description 'Test user creation' -UserAccount -Server $srv } $folder = Get-Folder -Name "ha-folder-root" -Server $srv $perm = Get-VIPermission -Entity $folder -Principal $newUser -ErrorAction SilentlyContinue if(!$perm){ New-VIPermission -Entity $folder -Principal $newUser -Role $role -Server $srv -Propagate $true -Confirm:$false } else{ Set-VIPermission -Permission $perm -Role $role -Propagate } Disconnect-VIServer -Server $srv -Confirm:$false }
Hi LucD, I have tried to run the above working script on a different environment and get the following error: Start-VMHostService : 20/02/2023 11:27:05 Start-VMHostService Permission to perform...
See more...
Hi LucD, I have tried to run the above working script on a different environment and get the following error: Start-VMHostService : 20/02/2023 11:27:05 Start-VMHostService Permission to perform this operation was denied. Required privilege 'Host.Config.NetService' on managed object with id 'HostSystem-host-35'. At C:\temp\mo\slpdfix.ps1:19 char:75 + ... $_.Key -eq 'TSM-SSH' } | Start-VMHostService -Confirm:$false | Out-N ... + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : NotSpecified: (:) [Start-VMHostService], NoPermission + FullyQualifiedErrorId : Client20_SystemManagementServiceImpl_SetVMHostService_ViError,VMware.VimAutomation.ViCor e.Cmdlets.Commands.StartVMHostService I haven't changed anything on the script, please let me know how i can fix this error. Many Thanks
Thanks LucD, worked perfectly....Legend. Quick question, will the above settings stay as off when a host is rebooted? I haven't test this at the moment. If not please provide the line of code to ins...
See more...
Thanks LucD, worked perfectly....Legend. Quick question, will the above settings stay as off when a host is rebooted? I haven't test this at the moment. If not please provide the line of code to insert in the above script to keep the values off when rebooted. Thanks in advance.
Hi LucD, As per the slpd status script earlier on, I wish to now disable both the SFCB and SLP services on all the hosts. In the script I wish to set the hosts not to turn these two services on when...
See more...
Hi LucD, As per the slpd status script earlier on, I wish to now disable both the SFCB and SLP services on all the hosts. In the script I wish to set the hosts not to turn these two services on when rebooted. I am not sure if the below script has this feature or you can cook something up Again thanks in advance for your help. Powercli Options To Disable SFCB and SLP Services - VMware Technology Network VMTN Many Thanks
Thank you LucD, I have gone through the above link and the scripts actually carry out the fix. All I want is an output to show a list of all my hosts in the vCenter with the slpd service name and if...
See more...
Thank you LucD, I have gone through the above link and the scripts actually carry out the fix. All I want is an output to show a list of all my hosts in the vCenter with the slpd service name and if its on or off. I can only run the chkconfig --list | grep slpd at host level, like to run this on all hosts at once have an output on csv. I hope that helps and thanks for your help in advance.
Hi LUCD I am trying to find a script which will show the chkconfig --list | grep slpd for each host in my vcenter. I have 130 hosts and at the moment I can only do this by logging onto each host whi...
See more...
Hi LUCD I am trying to find a script which will show the chkconfig --list | grep slpd for each host in my vcenter. I have 130 hosts and at the moment I can only do this by logging onto each host which is time consuming. Please help Thanks Mo
