You could do, similar to the VM script, something like this.
This only shows 1 Advanced setting, the others will have to follow the same structure.
Not sure how you are going to document changes beyond Advanced settings (for example the NTP servers).
Btw, this has been an issue in all attempts to write a script that handles all security hardening guidelines
$report = @()
$date = Get-Date -format "ddMMyy_HHmm"
Get-VMHost -PipelineVariable esx | ForEach-Object -Process {
$tab = @{}
Get-AdvancedSetting -Entity $esx | ForEach-Object -Process {
$tab.Add($_.Name,$_.Value)
}
$changed = 0
Get-AdvancedSetting -Entity $esx -Name UserVars.DcuiTimeOut |
where{$_.Value -ne 600} | ForEach-Object -Process {
Set-AdvancedSetting -AdvancedSetting $_ -Value 600 -Confirm:$False | Out-Null
$changed++
}
# Other settings with similar structure
Write-Host "On $($esx.Name) there were $changed changes."
$report += Get-AdvancedSetting -Entity $esx |
Select @{N='VMHost';E={$esx.Name}},Name,@{N='OldValue';E={$tab[$_.Name]}},@{N='NewValue';E={$_.Value}}
}
$report | Export-Csv -Path "Settings_$($date).csv" -NoTypeInformation -UseCulture
