VMware Cloud Community
DZ1
Hot Shot
Hot Shot
‎07-18-2013 09:50 AM
Jump to solution

Odd listing with .vmx file

I'm hardening some VMs, and I have a script that I found online (can't remember who it was from, but probably LucD).  The script is not the issue, but the csv file that the script references has some of these lines:

floppy0.present,FALSE

ide0:0.present,FALSE

logging,TRUE

Well, the script seems to work fine, but then when I check the .vmx file with (Get-VM "Name").extensiondata.config.extraconfig, the $_.key for any line that has to do with virtual hardware does not appear.  I don't think this is really a scripting issue, but this section is so active, that maybe someone can lead me in the right direction, and I'm using PowerCLI to edit the settings, so I guess it's relevant.  There are multiple lines, and everything appears fine except for hardware related lines:

floppy0.present,FALSE

floppy1.present,FALSE

ide0:0.present,FALSE

ide0:1.present,FALSE

ide1:0.present,FALSE

ide1:1.present,FALSE

parallel0.present,FALSE

serial0.present,FALSE

Other lines appear when I retrieve them:

isolation.monitor.control.disable,TRUE

isolation.tools.ghi.autologon.disable,TRUE

isolation.bios.bbs.disable,TRUE

isolation.tools.getCreds.disable,TRUE

Even if I "edit settings" > Options > Advanced | General > Configuration Parameters, and add a line there, I can't retrieve it with powershell (only hardware lines)  if I directly edit the .vmx file and copy it back, those lines don't show up with powershell, but they will show up if I look at the .vmx file on Windows with Write, or some other text editor. 

Has anyone experienced this?  More importantly, does anyone know what I'm doing wrong?

The script is here, and there is a CSV file that I use, with the examples that I listed, it has the Key,Value columns correctly

#This line imports the key and value pair for the .vmx setting

$import = Import-Csv "C:\STIGapply\STIG_current.csv"

$VMs = Get-folder STIG | Get-VM "*clone"

$vmConfigSpec = New-Object VMware.Vim.VirtualMachineConfigSpec

Foreach ($item in $import) {

$extra = New-Object VMware.Vim.OptionValue

$extra.Key = $item.Key

$extra.Value = $item.Value

$vmConfigSpec.extraconfig += $extra

}

Foreach ($vm in $vms) {

$vm.ExtensionData.ReconfigVM($vmConfigSpec)

}

Reply
0 Kudos
1 Solution

Accepted Solutions
LucD
Leadership
Leadership
‎07-18-2013 11:18 AM
Jump to solution

In ExtraConfig you will only see the VMX lines that do not have an actual entry in the VirtualMachine object.

In the case of the devices, these can be found in $vm.ExtensionData.Config.Hardware.Device.


Blog: lucd.info  Twitter: @LucD22  Co-author PowerCLI Reference

View solution in original post

Reply
0 Kudos
5 Replies
RvdNieuwendijk
Leadership
Leadership
‎07-18-2013 10:12 AM
Jump to solution

I am not sure what you try to achieve with the hardware lines. Are you trying to remove hardware from the virtual machines? Should you not use  cmdlets like Remove-FloppyDrive to remove the hardware? I don't think that just editing the vmx is file is sufficient.

Blog: https://rvdnieuwendijk.com/ | Twitter: @rvdnieuwendijk | Author of: https://www.packtpub.com/virtualization-and-cloud/learning-powercli-second-edition
Reply
0 Kudos
DZ1
Hot Shot
Hot Shot
‎07-18-2013 11:13 AM
Jump to solution

From the wording, it seems like it should be an option to prevent the devices from being added, or if they are added, preventing them from actually being enabled.  One of the options can be found here http://www.stigviewer.com/check/ESXI5-VM-000034 

I'm familiar with the cmdlets for removing hardware after it is added, but this is proactive measure.  Thanks for the response.  My main issue is why the options don't show up when I type

(Get-VM "Name").extensiondata.config.extraconfig.  It just seems odd, but again, I may just be doing something wrong. 

Reply
0 Kudos
LucD
Leadership
Leadership
‎07-18-2013 11:18 AM
Jump to solution

In ExtraConfig you will only see the VMX lines that do not have an actual entry in the VirtualMachine object.

In the case of the devices, these can be found in $vm.ExtensionData.Config.Hardware.Device.


Blog: lucd.info  Twitter: @LucD22  Co-author PowerCLI Reference

Reply
0 Kudos
DZ1
Hot Shot
Hot Shot
‎07-18-2013 11:27 AM
Jump to solution

Ahhhhh...thank you.  I actually saw a post that Alan Renouf had Working with VM Devices in PowerCLI | VMware PowerCLI Blog - VMware Blogs and he had some functions for removing devices like serial and parallel ports, but I didn't know why they would not show up if I added the line to the .vmx file.  Do you know if there is a way to prevent the adding of those devices beforehand?  

Regardless, that is useful information, and I appreciate it. 

Reply
0 Kudos
LucD
Leadership
Leadership
‎07-18-2013 11:36 AM
Jump to solution

Unless you create your new VMs from templates, you will get a 'default' HW configuration for the VM.

What HW you get depends on the OS you have specified for the VM, the HW present on the ESXi host, the type of license you have on the ESXi host and a couple of other factors.

Afaik, this is not user configurable.


Blog: lucd.info  Twitter: @LucD22  Co-author PowerCLI Reference

Reply
0 Kudos