It is great getting 75 people to view the thread but no one is offering any advice, surely this is not just a one time thing.
We are trying to configure our host profile to remove the esxadmin from config.hostagent.plugins.hostsvc.esxadminsgroup. We can do it to each host using a script command to change the group to something other than the ESXadmins but how can I do that using a host profile? If we have to reboot anything it defaults back to esxadmins, we need this to stop. I know a script changing it back or setting it after the reboot is an option but we need it to NOT be reset. Any thoughts?
This setting is only applicable if both of these two things are true in your environment:
Are both of those things true for you?
We do not have them connected to AD, I realise that it shouldnt be a big deal but we have a stig requirement that wants it set t o something else. We have changed the names but it will still the group will come back on a reboot.
If they aren't connected to AD then the STIG requirement is nullified as it has absolutely no effect. It doesn't become auditable until those conditions are true.
I found that too, however i am just worried that since it still technically shows ESXadmins, during an inspection we may be dinged. I am just looking for the setting to change in the host profile without going to each and every host.
You shouldn't get dinged on that because part of that same report is basically isAdJoined and if it's false then that invalidates other advanced settings. Also, this is one of those advanced settings that isn't exposed by host profiles. Not all are, this is one. Again, it's not at all relevant if you're not joined.