The UpdateLockdownExceptions replaces the current list, so you will have to it in 1 go.
Something like this.
It assumes you are connected to the vCenter and that you update the exception list for all ESXi nodes.
You can limit the Get-VMHost eventually to filter but a few ESXi nodes.
$user = 'root'
$pswd = 'VMware1!'
$cred = New-Object -TypeName PSCredential -ArgumentList ($user,(ConvertTo-SecureString -String $pswd -Force -AsPlainText))
Get-VMHost -PipelineVariable esx|
ForEach-Object -Process {
Write-Host "Looking at $($esx.Name)"
$esxSrv = Connect-VIServer -Server $esx.Name -Credential $cred
$accMgr = Get-View -Id $esx.ExtensionData.ConfigManager.HostAccessManager
$names = Get-VMHostAccount -Server $esxSrv | Select -ExpandProperty Name
$currentUsers = $accMgr.QueryLockdownExceptions()
$accMgr.UpdateLockdownExceptions($names + $currentUsers)
# Check
$accMgr.QueryLockdownExceptions()
Disconnect-VIServer -Server $esxSrv -Confirm:$false
}
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference