Reply to Message

View discussion in a popup

Replying to:
LucD
Leadership
Leadership

You could do, similar to the VM script, something like this.

This only shows 1 Advanced setting, the others will have to follow the same structure.

Not sure how you are going to document changes beyond Advanced settings (for example the NTP servers).

Btw, this has been an issue in all attempts to write a script that handles all security hardening guidelines

$report = @()

$date = Get-Date -format "ddMMyy_HHmm"


Get-VMHost -PipelineVariable esx | ForEach-Object -Process {

    $tab = @{}


    Get-AdvancedSetting -Entity $esx | ForEach-Object -Process {

        $tab.Add($_.Name,$_.Value)

    }


    $changed = 0


    Get-AdvancedSetting -Entity $esx -Name UserVars.DcuiTimeOut |

    where{$_.Value -ne 600} | ForEach-Object -Process {

        Set-AdvancedSetting -AdvancedSetting $_ -Value 600 -Confirm:$False | Out-Null

        $changed++

    }


    # Other settings with similar structure


    Write-Host "On $($esx.Name) there were $changed changes."


    $report += Get-AdvancedSetting -Entity $esx |

    Select @{N='VMHost';E={$esx.Name}},Name,@{N='OldValue';E={$tab[$_.Name]}},@{N='NewValue';E={$_.Value}}


}


$report | Export-Csv -Path "Settings_$($date).csv" -NoTypeInformation -UseCulture


Blog: lucd.info  Twitter: @LucD22  Co-author PowerCLI Reference

View solution in original post