VMware Cloud Community
drewdown
Contributor

vCenter login?

How do I control who can and can't log in to vCenter without adding them to the local admin group on a win2008 server?

TY

0 Kudos
3 Replies
Troy_Clavell
Immortal

My advice would be to remove the Administrators group from within vCenter. This role is tied to the local admins group on the Windows host. We create a vcadmins group and add people into that, then give them the Administrators role. This way local administrators don't have full rights within vCenter.

0 Kudos
drewdown
Contributor

Thanks Troy.

In vCenter at the top level under Permissions, the Administrators Group is actually the local admin group? I added a domain user at the top level through vCenter and put him in the 'Administrator' Role and he was able to log in without fail. He is NOT in the local admin group on the server.

Only 2 people will need top level permissions, me (domain admin) and an engineer (not domain admin). Everyone else will need perms to powercycle their machines. Do I have to set those perms individually on each VM?

0 Kudos
Troy_Clavell
Immortal

The Administrator Role defines your permissions within vCenter. The Group Administrators is completely different than the ROLE Administrator. Therefore, adding a domain user to the Administrator role at the top level will give that user full permissions into your VCMS.

First, create an AD group, something like VCAdmins, then add AD users to that group. Add the newly created group at the very top level of your vCenter Server, give that group the Administrator role, remove the Administrators Group and the default users group. This will limit connections.

This is a little dated but may be useful

0 Kudos
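The procedure from the last reply, scripted with VMware PowerCLI as an added example that is not part of the original thread and not code from any of the posters. The server address and the `EXAMPLE` domain are placeholders; `VCAdmins` is the group name suggested above. The script grants the new group first and verifies the grant before removing anything, so a mistake does not leave vCenter without an administrator.

```powershell
# Added example. Assumes VMware PowerCLI is installed and that you are
# connecting as an account that currently holds the Administrator role.
$server   = 'vcenter.example.local'   # placeholder vCenter address
$newGroup = 'EXAMPLE\VCAdmins'        # AD group from the thread; domain is a placeholder

Connect-VIServer -Server $server | Out-Null

# The root folder is the "very top level" of the vCenter inventory.
$root = Get-Folder -NoRecursion

# PowerCLI exposes the built-in Administrator role under the name 'Admin'.
$adminRole = Get-VIRole -Name 'Admin'

# Step 1: give the AD group the Administrator role at the top level,
# propagating to every child object.
New-VIPermission -Entity $root -Principal $newGroup -Role $adminRole -Propagate:$true |
    Out-Null

# Step 2: confirm the grant exists before touching the old permission.
$granted = Get-VIPermission -Entity $root -Principal $newGroup |
    Where-Object { $_.Role -eq 'Admin' -and $_.Propagate }
if (-not $granted) {
    throw "Permission for $newGroup was not created; leaving existing permissions in place."
}

# Before continuing, log in from a separate session as a member of the
# new group and confirm full access.

# Step 3: remove the permission held by the Windows local Administrators
# group. The match is anchored so other groups whose names merely contain
# "Administrators" are not selected. -Confirm prompts for each removal.
Get-VIPermission -Entity $root |
    Where-Object { $_.IsGroup -and $_.Principal -match '(^|\\)Administrators$' } |
    Remove-VIPermission -Confirm:$true

# Step 4: list what remains at the top level for review.
Get-VIPermission -Entity $root |
    Select-Object Principal, Role, IsGroup, Propagate |
    Format-Table -AutoSize

Disconnect-VIServer -Server $server -Confirm:$false
```

The same `Where-Object` filter can be pointed at the default users group mentioned in the reply once you have checked the exact principal name that step 4 prints for it.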