<?xml version="1.0" encoding="UTF-8"?>
<rss xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:taxo="http://purl.org/rss/1.0/modules/taxonomy/" version="2.0">
  <channel>
    <title>topic Script to change lockdown settings and add users to exception list in VMware PowerCLI Discussions</title>
    <link>https://communities.vmware.com/t5/VMware-PowerCLI-Discussions/Script-to-change-lockdown-settings-and-add-users-to-exception/m-p/2975700#M112462</link>
    <description>&lt;P&gt;Hi&lt;/P&gt;&lt;P&gt;I wonder if somebody can help. With the code below I am able to change the lockdown mode on the esxi host but I am not able to get the script to list the local users on the Esxi host and get those added to the exception list&lt;/P&gt;&lt;P&gt;Just wondering if a foreach is needed to get this done (second line from bottom)&lt;/P&gt;&lt;P&gt;Thanks in advance&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;Connect-VIServer -Server vcenter_username -User&amp;nbsp; -password&amp;nbsp;&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;$hosts = Get-VMHost&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;Foreach ($vmhost in $hosts) {&lt;/P&gt;&lt;P&gt;&amp;nbsp;&amp;nbsp;&amp;nbsp; $status = (Get-VMHost -name $vmhost).ExtensionData.Config.LockdownMode # checks lockdown mode&lt;/P&gt;&lt;P&gt;&amp;nbsp;&amp;nbsp;&amp;nbsp; Write-Host "$status is set on $vmhost"&lt;/P&gt;&lt;P&gt;&amp;nbsp;&amp;nbsp;&amp;nbsp; if ($status -eq "lockdownDisabled") {&lt;/P&gt;&lt;P&gt;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp; (Get-VMHost $vmhost | Get-View).EnterLockdownMode() # sets lockdown mode to enabled.&lt;/P&gt;&lt;P&gt;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp; Write-Host "Lockdown is now set to enabled on $vmhost"&lt;/P&gt;&lt;P&gt;&amp;nbsp;&amp;nbsp;&amp;nbsp; }&lt;/P&gt;&lt;P&gt;&amp;nbsp;&amp;nbsp;&amp;nbsp; else{&lt;/P&gt;&lt;P&gt;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp; Write-Host "Lockdown is already set to enabled on $vmhost"&lt;/P&gt;&lt;P&gt;}&lt;/P&gt;&lt;P&gt;&amp;nbsp;&amp;nbsp;&amp;nbsp;&lt;/P&gt;&lt;P&gt;$HostAccess = Get-View -Id $vmhost.ExtensionData.ConfigManager.HostAccessManager&lt;/P&gt;&lt;P&gt;$currentUsers = $HostAccess.QueryLockdownExceptions()&lt;/P&gt;&lt;P&gt;$newUsers = $currentUsers + $username&lt;/P&gt;&lt;P&gt;foreach ($user in $newusers) {&lt;/P&gt;&lt;P&gt;&amp;nbsp;&amp;nbsp; $HostAccess.UpdateLockdownExceptions($newuser)}&lt;/P&gt;&lt;P&gt;}&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;</description>
    <pubDate>Tue, 04 Jul 2023 09:01:09 GMT</pubDate>
    <dc:creator>seamusobr1</dc:creator>
    <dc:date>2023-07-04T09:01:09Z</dc:date>
    <item>
      <title>Script to change lockdown settings and add users to exception list</title>
      <link>https://communities.vmware.com/t5/VMware-PowerCLI-Discussions/Script-to-change-lockdown-settings-and-add-users-to-exception/m-p/2975700#M112462</link>
      <description>&lt;P&gt;Hi&lt;/P&gt;&lt;P&gt;I wonder if somebody can help. With the code below I am able to change the lockdown mode on the esxi host but I am not able to get the script to list the local users on the Esxi host and get those added to the exception list&lt;/P&gt;&lt;P&gt;Just wondering if a foreach is needed to get this done (second line from bottom)&lt;/P&gt;&lt;P&gt;Thanks in advance&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;Connect-VIServer -Server vcenter_username -User&amp;nbsp; -password&amp;nbsp;&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;$hosts = Get-VMHost&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;Foreach ($vmhost in $hosts) {&lt;/P&gt;&lt;P&gt;&amp;nbsp;&amp;nbsp;&amp;nbsp; $status = (Get-VMHost -name $vmhost).ExtensionData.Config.LockdownMode # checks lockdown mode&lt;/P&gt;&lt;P&gt;&amp;nbsp;&amp;nbsp;&amp;nbsp; Write-Host "$status is set on $vmhost"&lt;/P&gt;&lt;P&gt;&amp;nbsp;&amp;nbsp;&amp;nbsp; if ($status -eq "lockdownDisabled") {&lt;/P&gt;&lt;P&gt;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp; (Get-VMHost $vmhost | Get-View).EnterLockdownMode() # sets lockdown mode to enabled.&lt;/P&gt;&lt;P&gt;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp; Write-Host "Lockdown is now set to enabled on $vmhost"&lt;/P&gt;&lt;P&gt;&amp;nbsp;&amp;nbsp;&amp;nbsp; }&lt;/P&gt;&lt;P&gt;&amp;nbsp;&amp;nbsp;&amp;nbsp; else{&lt;/P&gt;&lt;P&gt;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp; Write-Host "Lockdown is already set to enabled on $vmhost"&lt;/P&gt;&lt;P&gt;}&lt;/P&gt;&lt;P&gt;&amp;nbsp;&amp;nbsp;&amp;nbsp;&lt;/P&gt;&lt;P&gt;$HostAccess = Get-View -Id $vmhost.ExtensionData.ConfigManager.HostAccessManager&lt;/P&gt;&lt;P&gt;$currentUsers = $HostAccess.QueryLockdownExceptions()&lt;/P&gt;&lt;P&gt;$newUsers = $currentUsers + $username&lt;/P&gt;&lt;P&gt;foreach ($user in $newusers) {&lt;/P&gt;&lt;P&gt;&amp;nbsp;&amp;nbsp; $HostAccess.UpdateLockdownExceptions($newuser)}&lt;/P&gt;&lt;P&gt;}&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;</description>
      <pubDate>Tue, 04 Jul 2023 09:01:09 GMT</pubDate>
      <guid>https://communities.vmware.com/t5/VMware-PowerCLI-Discussions/Script-to-change-lockdown-settings-and-add-users-to-exception/m-p/2975700#M112462</guid>
      <dc:creator>seamusobr1</dc:creator>
      <dc:date>2023-07-04T09:01:09Z</dc:date>
    </item>
    <item>
      <title>Re: Script to change lockdown settings and add users to exception list</title>
      <link>https://communities.vmware.com/t5/VMware-PowerCLI-Discussions/Script-to-change-lockdown-settings-and-add-users-to-exception/m-p/2975715#M112463</link>
      <description>&lt;P&gt;The&amp;nbsp;&amp;nbsp;&lt;SPAN&gt;UpdateLockdownExceptions replaces the current list, so you will have to it in 1 go.&lt;BR /&gt;Something like this.&lt;BR /&gt;It assumes you are connected to the vCenter and that you update the exception list for all ESXi nodes.&lt;BR /&gt;You can limit the Get-VMHost eventually to filter but a few ESXi nodes.&lt;BR /&gt;&lt;/SPAN&gt;&lt;/P&gt;
&lt;LI-CODE lang="csharp"&gt;$user = 'root'
$pswd = 'VMware1!'

$cred = New-Object -TypeName PSCredential -ArgumentList ($user,(ConvertTo-SecureString -String $pswd -Force -AsPlainText))

Get-VMHost -PipelineVariable esx|
ForEach-Object -Process {
	Write-Host "Looking at $($esx.Name)"
	$esxSrv = Connect-VIServer -Server $esx.Name -Credential $cred

	$accMgr = Get-View -Id $esx.ExtensionData.ConfigManager.HostAccessManager
	$names = Get-VMHostAccount -Server $esxSrv | Select -ExpandProperty Name
	$currentUsers = $accMgr.QueryLockdownExceptions()
	$accMgr.UpdateLockdownExceptions($names + $currentUsers)

	# Check
	$accMgr.QueryLockdownExceptions()

	Disconnect-VIServer -Server $esxSrv -Confirm:$false
}&lt;/LI-CODE&gt;
&lt;P&gt;&lt;SPAN&gt;&amp;nbsp;&lt;/SPAN&gt;&lt;/P&gt;</description>
      <pubDate>Tue, 04 Jul 2023 10:30:14 GMT</pubDate>
      <guid>https://communities.vmware.com/t5/VMware-PowerCLI-Discussions/Script-to-change-lockdown-settings-and-add-users-to-exception/m-p/2975715#M112463</guid>
      <dc:creator>LucD</dc:creator>
      <dc:date>2023-07-04T10:30:14Z</dc:date>
    </item>
    <item>
      <title>Re: Script to change lockdown settings and add users to exception list</title>
      <link>https://communities.vmware.com/t5/VMware-PowerCLI-Discussions/Script-to-change-lockdown-settings-and-add-users-to-exception/m-p/2975853#M112473</link>
      <description>&lt;P&gt;That worked a treat thank you so much for your help. I managed to get the exception list updated with the names&lt;/P&gt;</description>
      <pubDate>Wed, 05 Jul 2023 08:52:21 GMT</pubDate>
      <guid>https://communities.vmware.com/t5/VMware-PowerCLI-Discussions/Script-to-change-lockdown-settings-and-add-users-to-exception/m-p/2975853#M112473</guid>
      <dc:creator>seamusobr1</dc:creator>
      <dc:date>2023-07-05T08:52:21Z</dc:date>
    </item>
  </channel>
</rss>

