https://communities.vmware.com/t5/VMware-PowerCLI-Discussions/Hardening-ESXi-Script/m-p/2305641#M82339 <HTML><HEAD></HEAD><BODY><P>1. With 'hosts' do you mean VMs or ESXi nodes? <SPAN style="color: #408c52;"><STRONG>ESXi NODES</STRONG></SPAN><BR />2. How will you provide the 'desired settings'? <STRONG style="color: #408c52;">like the parametre that I added to VMs in the script</STRONG></P><P>Like this:</P><P></P><P style="padding-left: 30px;">Foreach ($VMHost in Get-VMHost ) { $ESXCli = Get-EsxCli -VMHost $VMHost $ESXCli.software.acceptance.Set("PartnerSupported") }</P><P style="padding-left: 30px;">$NTPServers = "pool.ntp.org", "pool2.ntp.org" Get-VMHost | Add-VmHostNtpServer $NTPServers</P><P></P><P><BR />3. I suspect you mean '<STRONG>not</STRONG> set'? <STRONG style="color: #408c52;">Yep you are right</STRONG></P><P>4. What should be in that report? Juste one excel file which inclue worksheet | one for VMs - One for Node and they should include the below details in column</P><P><STRONG>vcenter</STRONG> <STRONG>Node</STRONG> <STRONG>VM&nbsp;&nbsp;&nbsp; ParametreName</STRONG>&nbsp;&nbsp;&nbsp; <STRONG>OldValue&nbsp;&nbsp;&nbsp; NewValue </STRONG></P><P></P><P>5.2 Why would there be VMs remaining to be hardened? <SPAN style="color: #408c52;"><STRONG>my bad, I mean nombre of VMs hardned and number of nodes hardned</STRONG></SPAN></P><P></P><P><SPAN style="color: #303030;">for sure output log is required, espacialy if something happen<STRONG> <img id="smileyhappy" class="emoticon emoticon-smileyhappy" src="https://communities.vmware.com/i/smilies/16x16_smiley-happy.png" alt="Smiley Happy" title="Smiley Happy" /></STRONG></SPAN></P><P></P><P><SPAN style="color: #408c52;"><STRONG><SPAN lang="en"><SPAN style="color: #303030;">if you have any other suggestion, I am interested. after all I'm trying to do something that could be of use to the community.</SPAN><img id="smileyhappy" class="emoticon emoticon-smileyhappy" src="https://communities.vmware.com/i/smilies/16x16_smiley-happy.png" alt="Smiley Happy" title="Smiley Happy" /></SPAN></STRONG></SPAN></P><P></P><P></P><P></P></BODY></HTML> Wed, 16 Sep 2020 13:46:34 GMT SCharchouf 2020-09-16T13:46:34Z https://communities.vmware.com/t5/VMware-PowerCLI-Discussions/Hardening-ESXi-Script/m-p/2305639#M82337 <HTML><HEAD></HEAD><BODY><P><SPAN style="font-size: 12pt;">With LucD help I created this script in order to secure ESXi based on VMware recommandation</SPAN></P><P></P><P><SPAN style="font-size: 12pt;">I will need assistance and collaboration in order to:</SPAN></P><P></P><OL><LI><STRONG style="font-size: 12pt;">Get existant value for hosts</STRONG></LI><LI><STRONG style="font-size: 12pt;">Add advanced settings for Hosts</STRONG></LI><LI><STRONG style="font-size: 12pt;">if the required value is set, script must have the ability to compare existant value with the desired and made the required change</STRONG></LI><LI><STRONG style="font-size: 12pt;">get report</STRONG></LI><LI><STRONG style="font-size: 12pt;">Receive an email with information how many </STRONG><OL><LI><STRONG style="font-size: 12pt;">Hardened VMs &amp; Hardned Hosts</STRONG></LI><LI><STRONG style="font-size: 12pt;">Remaining VMs &amp; Host to hardned</STRONG></LI></OL></LI></OL><P></P><P></P><P></P><P>Connect-VIServer -Server "vcenter1", "vcenter2"</P><P></P><P># vCenter Login</P><P>$vCUser="login"</P><P>$vCPass="password"</P><P></P><P>$StartTime = Get-Date</P><P></P><P>$report = @()</P><P></P><P></P><P>Foreach ($Host in Get-VMHost)</P><P></P><P>{</P><P>&nbsp;&nbsp;&nbsp; $tab = @{}</P><P></P><P>&nbsp;&nbsp;&nbsp; $date=Get-Date -format "ddMMyy_HHmm"</P><P></P><P>&nbsp;&nbsp;&nbsp; Get-AdvancedSetting -Entity $Host | ForEach-Object -Process {</P><P></P><P>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; $tab.Add($_.Name,$_.Value)</P><P></P><P> }</P><P> }</P><P></P><P></P><P>$NTPServers = "NTP1", "NTP2" Get-VMHost | Add-VmHostNtpServer $NTPServers</P><P></P><P></P><P>Foreach ($vm in Get-VM)</P><P></P><P>{</P><P></P><P>&nbsp;&nbsp;&nbsp; $tab = @{}</P><P></P><P>&nbsp;&nbsp;&nbsp; $date=Get-Date -format "ddMMyy_HHmm"</P><P></P><P>&nbsp;&nbsp;&nbsp; Get-AdvancedSetting -Entity $vm | ForEach-Object -Process {</P><P></P><P>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; $tab.Add($_.Name,$_.Value)</P><P></P><P></P><P></P><P>&nbsp;&nbsp;&nbsp; }</P><P>&nbsp;&nbsp;&nbsp; </P><P>&nbsp;&nbsp;&nbsp; New-AdvancedSetting -Entity $vm -Name isolation.device.edit.disable -value TRUE -Confirm:$False -Force:$True | select @{N='VM';E={$_.Entity.Name}},Name,Value</P><P>&nbsp;&nbsp;&nbsp; </P><P>&nbsp;&nbsp;&nbsp; New-AdvancedSetting -Entity $vm -Name isolation.device.connectable.disable -value TRUE -Confirm:$False -Force:$True | select @{N='VM';E={$_.Entity.Name}},Name,Value</P><P></P><P>&nbsp;&nbsp;&nbsp; New-AdvancedSetting -Entity $vm -Name isolation.tools.copy.disable -Value TRUE -Confirm:$False -Force:$True | select @{N='VM';E={$_.Entity.Name}},Name,Value</P><P>&nbsp;&nbsp;&nbsp; </P><P>&nbsp;&nbsp;&nbsp; New-AdvancedSetting -Entity $vm -Name isolation.tools.paste.disable -Value TRUE -Confirm:$False -Force:$True | select @{N='VM';E={$_.Entity.Name}},Name,Value</P><P></P><P>&nbsp;&nbsp;&nbsp; New-AdvancedSetting -Entity $vm -Name isolation.tools.ghi.autologon.disable -value TRUE -Confirm:$False -Force:$True | select @{N='VM';E={$_.Entity.Name}},Name,Value</P><P></P><P>&nbsp;&nbsp;&nbsp; New-AdvancedSetting -Entity $vm -Name isolation.bios.bbs.disable -value TRUE -Confirm:$False -Force:$True | select @{N='VM';E={$_.Entity.Name}},Name,Value</P><P></P><P>&nbsp;&nbsp;&nbsp; New-AdvancedSetting -Entity $vm -Name isolation.tools.ghi.protocolhandler.info.disable -value TRUE -Confirm:$False -Force:$True | select @{N='VM';E={$_.Entity.Name}},Name,Value</P><P></P><P>&nbsp;&nbsp;&nbsp; New-AdvancedSetting -Entity $vm -Name isolation.tools.unity.taskbar.disable -value TRUE -Confirm:$False -Force:$True | select @{N='VM';E={$_.Entity.Name}},Name,Value</P><P></P><P>&nbsp;&nbsp;&nbsp; New-AdvancedSetting -Entity $vm -Name isolation.tools.unityActive.disable -value TRUE -Confirm:$False -Force:$True | select @{N='VM';E={$_.Entity.Name}},Name,Value</P><P></P><P>&nbsp;&nbsp;&nbsp; New-AdvancedSetting -Entity $vm -Name isolation.tools.unity.windowContents.disable -value TRUE -Confirm:$False -Force:$True | select @{N='VM';E={$_.Entity.Name}},Name,Value</P><P></P><P>&nbsp;&nbsp;&nbsp; New-AdvancedSetting -Entity $vm -Name isolation.tools.unity.push.update.disable -value TRUE -Confirm:$False -Force:$True | select @{N='VM';E={$_.Entity.Name}},Name,Value</P><P></P><P>&nbsp;&nbsp;&nbsp; New-AdvancedSetting -Entity $vm -Name isolation.tools.vmxDnDVersionGet.disable -value TRUE -Confirm:$False -Force:$True | select @{N='VM';E={$_.Entity.Name}},Name,Value</P><P></P><P>&nbsp;&nbsp;&nbsp; New-AdvancedSetting -Entity $vm -Name isolation.tools.guestDnDVersionSet.disable -value TRUE -Confirm:$False -Force:$True | select @{N='VM';E={$_.Entity.Name}},Name,Value</P><P></P><P>&nbsp;&nbsp;&nbsp; New-AdvancedSetting -Entity $vm -Name isolation.ghi.host.shellAction.disable -value TRUE -Confirm:$False -Force:$True | select @{N='VM';E={$_.Entity.Name}},Name,Value</P><P></P><P>&nbsp;&nbsp;&nbsp; New-AdvancedSetting -Entity $vm -Name isolation.tools.dispTopoRequest.disable -value TRUE -Confirm:$False -Force:$True | select @{N='VM';E={$_.Entity.Name}},Name,Value</P><P></P><P>&nbsp;&nbsp;&nbsp; New-AdvancedSetting -Entity $vm -Name isolation.tools.trashFolderState.disable -value TRUE -Confirm:$False -Force:$True | select @{N='VM';E={$_.Entity.Name}},Name,Value</P><P></P><P>&nbsp;&nbsp;&nbsp; New-AdvancedSetting -Entity $vm -Name isolation.tools.ghi.trayicon.disable -value TRUE -Confirm:$False -Force:$True | select @{N='VM';E={$_.Entity.Name}},Name,Value</P><P></P><P>&nbsp;&nbsp;&nbsp; New-AdvancedSetting -Entity $vm -Name isolation.tools.unity.disable -value TRUE -Confirm:$False -Force:$True | select @{N='VM';E={$_.Entity.Name}},Name,Value</P><P></P><P>&nbsp;&nbsp;&nbsp; New-AdvancedSetting -Entity $vm -Name isolation.tools.unityInterlockOperation.disable -value TRUE -Confirm:$False -Force:$True | select @{N='VM';E={$_.Entity.Name}},Name,Value</P><P></P><P>&nbsp;&nbsp;&nbsp; New-AdvancedSetting -Entity $vm -Name isolation.tools.getCreds.disable -value TRUE -Confirm:$False -Force:$True | select @{N='VM';E={$_.Entity.Name}},Name,Value</P><P></P><P>&nbsp;&nbsp;&nbsp; New-AdvancedSetting -Entity $vm -Name isolation.tools.hgfsServerSet.disable -value TRUE -Confirm:$False -Force:$True | select @{N='VM';E={$_.Entity.Name}},Name,Value</P><P></P><P>&nbsp;&nbsp;&nbsp; New-AdvancedSetting -Entity $vm -Name isolation.tools.ghi.launchmenu.change -value TRUE -Confirm:$False -Force:$True | select @{N='VM';E={$_.Entity.Name}},Name,Value</P><P></P><P>&nbsp;&nbsp;&nbsp; New-AdvancedSetting -Entity $vm -Name isolation.tools.memSchedFakeSampleStats.disable -value TRUE -Confirm:$False -Force:$True | select @{N='VM';E={$_.Entity.Name}},Name,Value</P><P></P><P>&nbsp;&nbsp;&nbsp; New-AdvancedSetting -Entity $vm -Name isolation.tools.copy.disable -value TRUE -Confirm:$False -Force:$True | select @{N='VM';E={$_.Entity.Name}},Name,Value</P><P></P><P>&nbsp;&nbsp;&nbsp; New-AdvancedSetting -Entity $vm -Name isolation.tools.dnd.disable -value TRUE -Confirm:$False -Force:$True | select @{N='VM';E={$_.Entity.Name}},Name,Value</P><P></P><P>&nbsp;&nbsp;&nbsp; New-AdvancedSetting -Entity $vm -Name isolation.tools.setGUIOptions.enable -value FALSE -Confirm:$False -Force:$True | select @{N='VM';E={$_.Entity.Name}},Name,Value</P><P></P><P>&nbsp;&nbsp;&nbsp; New-AdvancedSetting -Entity $vm -Name isolation.tools.paste.disable -value TRUE -Confirm:$False -Force:$True | select @{N='VM';E={$_.Entity.Name}},Name,Value</P><P></P><P>&nbsp;&nbsp;&nbsp; New-AdvancedSetting -Entity $vm -Name RemoteDisplay.vnc.enabled -value FALSE -Confirm:$False -Force:$True | select @{N='VM';E={$_.Entity.Name}},Name,Value</P><P></P><P>&nbsp;&nbsp;&nbsp; New-AdvancedSetting -Entity $vm -Name svga.vgaOnly -value TRUE -Confirm:$False -Force:$True | select @{N='VM';E={$_.Entity.Name}},Name,Value</P><P></P><P>&nbsp;&nbsp;&nbsp; New-AdvancedSetting -Entity $vm -Name mks.enable3d -value FALSE -Confirm:$False -Force:$True | select @{N='VM';E={$_.Entity.Name}},Name,Value</P><P></P><P>&nbsp;&nbsp;&nbsp; New-AdvancedSetting -Entity $vm -Name isolation.tools.diskShrink.disable -value TRUE -Confirm:$False -Force:$True | select @{N='VM';E={$_.Entity.Name}},Name,Value</P><P></P><P>&nbsp;&nbsp;&nbsp; New-AdvancedSetting -Entity $vm -Name isolation.tools.diskWiper.disable -value TRUE -Confirm:$False -Force:$True | select @{N='VM';E={$_.Entity.Name}},Name,Value</P><P></P><P>&nbsp;&nbsp;&nbsp; New-AdvancedSetting -Entity $vm -Name isolation.tools.vixMessage.disable -value TRUE -Confirm:$False -Force:$True | select @{N='VM';E={$_.Entity.Name}},Name,Value</P><P></P><P>&nbsp;&nbsp;&nbsp; New-AdvancedSetting -Entity $vm -Name log.keepOld -value 10 -Confirm:$False -Force:$True | select @{N='VM';E={$_.Entity.Name}},Name,Value</P><P></P><P>&nbsp;&nbsp;&nbsp; New-AdvancedSetting -Entity $vm -Name tools.guestlib.enableHostInfo -value FALSE -Confirm:$False -Force:$True | select @{N='VM';E={$_.Entity.Name}},Name,Value</P><P></P><P>&nbsp;&nbsp;&nbsp; New-AdvancedSetting -Entity $vm -Name log.rotateSize -value 102400 -Confirm:$False -Force:$True | select @{N='VM';E={$_.Entity.Name}},Name,Value</P><P>&nbsp;&nbsp;&nbsp; </P><P>&nbsp;&nbsp;&nbsp; New-AdvancedSetting -Entity $vm -Name Remove-FloppyDrive -Value TRUE -Confirm:$False -Force:$True | select @{N='VM';E={$_.Entity.Name}},Name,Value</P><P>&nbsp;&nbsp;&nbsp; </P><P>&nbsp;&nbsp;&nbsp; New-AdvancedSetting -Entity $vm -Name tools.setInfo.sizeLimit -value 1048576 -Confirm:$False -Force:$True | select @{N='VM';E={$_.Entity.Name}},Name,Value</P><P></P><P>&nbsp;&nbsp;&nbsp; # repeat for other settings</P><P></P><P>&nbsp; </P><P></P><P>&nbsp;&nbsp;&nbsp; $report += Get-AdvancedSetting -Entity $vm |</P><P></P><P>&nbsp;&nbsp;&nbsp; Select @{N='VM';E={$vm.Name}},Name,@{N='OldValue';E={$tab[$_.Name]}},@{N='NewValue';E={$_.Value}}</P><P></P><P>}</P><P></P><P></P><P>$report | Export-Csv -Path "Settings_$($date).csv" -NoTypeInformation -UseCulture</P><P></P><P>$EndTime = Get-Date</P><P>$duration = [math]::Round((New-TimeSpan -Start $StartTime -End $EndTime).TotalMinutes,2)</P><P>Write-Host "================================"</P><P>Write-Host "Hardening VMs By vCenter Completed!" -Foregroundcolor "Green"</P><P>Write-Host "Hardening Hosts By vCenter Completed!" -Foregroundcolor "Cyan"</P><P>Write-Host "StartTime: $StartTime"</P><P>Write-Host "EndTime: $EndTime"</P><P>Write-Host "Duration: $duration minutes"</P><P>Write-Host "================================"</P></BODY></HTML> Wed, 16 Sep 2020 12:53:03 GMT https://communities.vmware.com/t5/VMware-PowerCLI-Discussions/Hardening-ESXi-Script/m-p/2305639#M82337 SCharchouf 2020-09-16T12:53:03Z https://communities.vmware.com/t5/VMware-PowerCLI-Discussions/Hardening-ESXi-Script/m-p/2305640#M82338 <HTML><HEAD></HEAD><BODY><P>1. With 'hosts' do you mean VMs or ESXi nodes?<BR />2. How will you provide the 'desired settings'?<BR />3. I suspect you mean '<STRONG>not</STRONG> set'?</P><P>4. What should be in that report?</P><P>5.2 Why would there be VMs remaining to be hardened?</P></BODY></HTML> Wed, 16 Sep 2020 13:18:00 GMT https://communities.vmware.com/t5/VMware-PowerCLI-Discussions/Hardening-ESXi-Script/m-p/2305640#M82338 LucD 2020-09-16T13:18:00Z https://communities.vmware.com/t5/VMware-PowerCLI-Discussions/Hardening-ESXi-Script/m-p/2305641#M82339 <HTML><HEAD></HEAD><BODY><P>1. With 'hosts' do you mean VMs or ESXi nodes? <SPAN style="color: #408c52;"><STRONG>ESXi NODES</STRONG></SPAN><BR />2. How will you provide the 'desired settings'? <STRONG style="color: #408c52;">like the parametre that I added to VMs in the script</STRONG></P><P>Like this:</P><P></P><P style="padding-left: 30px;">Foreach ($VMHost in Get-VMHost ) { $ESXCli = Get-EsxCli -VMHost $VMHost $ESXCli.software.acceptance.Set("PartnerSupported") }</P><P style="padding-left: 30px;">$NTPServers = "pool.ntp.org", "pool2.ntp.org" Get-VMHost | Add-VmHostNtpServer $NTPServers</P><P></P><P><BR />3. I suspect you mean '<STRONG>not</STRONG> set'? <STRONG style="color: #408c52;">Yep you are right</STRONG></P><P>4. What should be in that report? Juste one excel file which inclue worksheet | one for VMs - One for Node and they should include the below details in column</P><P><STRONG>vcenter</STRONG> <STRONG>Node</STRONG> <STRONG>VM&nbsp;&nbsp;&nbsp; ParametreName</STRONG>&nbsp;&nbsp;&nbsp; <STRONG>OldValue&nbsp;&nbsp;&nbsp; NewValue </STRONG></P><P></P><P>5.2 Why would there be VMs remaining to be hardened? <SPAN style="color: #408c52;"><STRONG>my bad, I mean nombre of VMs hardned and number of nodes hardned</STRONG></SPAN></P><P></P><P><SPAN style="color: #303030;">for sure output log is required, espacialy if something happen<STRONG> <img id="smileyhappy" class="emoticon emoticon-smileyhappy" src="https://communities.vmware.com/i/smilies/16x16_smiley-happy.png" alt="Smiley Happy" title="Smiley Happy" /></STRONG></SPAN></P><P></P><P><SPAN style="color: #408c52;"><STRONG><SPAN lang="en"><SPAN style="color: #303030;">if you have any other suggestion, I am interested. after all I'm trying to do something that could be of use to the community.</SPAN><img id="smileyhappy" class="emoticon emoticon-smileyhappy" src="https://communities.vmware.com/i/smilies/16x16_smiley-happy.png" alt="Smiley Happy" title="Smiley Happy" /></SPAN></STRONG></SPAN></P><P></P><P></P><P></P></BODY></HTML> Wed, 16 Sep 2020 13:46:34 GMT https://communities.vmware.com/t5/VMware-PowerCLI-Discussions/Hardening-ESXi-Script/m-p/2305641#M82339 SCharchouf 2020-09-16T13:46:34Z https://communities.vmware.com/t5/VMware-PowerCLI-Discussions/Hardening-ESXi-Script/m-p/2305642#M82340 <HTML><HEAD></HEAD><BODY><P>You could do, similar to the VM script, something like this.</P><P>This only shows 1 Advanced setting, the others will have to follow the same structure.</P><P></P><P>Not sure how you are going to document changes beyond Advanced settings (for example the NTP servers).</P><P>Btw, this has been an issue in all attempts to write a script that handles all security hardening guidelines</P><P></P><DIV><SPAN style="color: #4876d6;">$report</SPAN> <SPAN style="color: #994cc3;">=</SPAN> <SPAN style="color: #994cc3;">@</SPAN>() <BR /><P><SPAN style="color: #4876d6;">$date</SPAN> <SPAN style="color: #994cc3;">=</SPAN> <SPAN style="color: #0c969b;">Get-Date</SPAN> <SPAN style="color: #994cc3;">-</SPAN>format <SPAN style="color: #111111;">"</SPAN><SPAN style="color: #c96765;">ddMMyy_HHmm</SPAN><SPAN style="color: #111111;">"</SPAN></P><BR /><P><SPAN style="color: #0c969b;">Get-VMHost</SPAN> <SPAN style="color: #994cc3;">-</SPAN>PipelineVariable esx <SPAN style="color: #0c969b;">|</SPAN> <SPAN style="color: #0c969b;">ForEach-Object</SPAN> <SPAN style="color: #994cc3;">-</SPAN>Process {</P><P>&nbsp;&nbsp;&nbsp; <SPAN style="color: #4876d6;">$tab</SPAN> <SPAN style="color: #994cc3;">=</SPAN> <SPAN style="color: #994cc3;">@</SPAN>{}</P><BR /><P>&nbsp;&nbsp;&nbsp; <SPAN style="color: #0c969b;">Get-AdvancedSetting</SPAN> <SPAN style="color: #994cc3;">-</SPAN>Entity <SPAN style="color: #4876d6;">$esx</SPAN> <SPAN style="color: #0c969b;">|</SPAN> <SPAN style="color: #0c969b;">ForEach-Object</SPAN> <SPAN style="color: #994cc3;">-</SPAN>Process {</P><P>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <SPAN style="color: #4876d6;">$tab.Add</SPAN>($_<SPAN style="color: #4876d6;">.Name</SPAN><SPAN style="color: #0c969b;">,</SPAN>$_<SPAN style="color: #4876d6;">.Value</SPAN>)</P><P>&nbsp;&nbsp;&nbsp; }</P><BR /><P>&nbsp;&nbsp;&nbsp; <SPAN style="color: #4876d6;">$changed</SPAN> <SPAN style="color: #994cc3;">=</SPAN> <SPAN style="color: #aa0982;">0</SPAN></P><BR /><P>&nbsp;&nbsp;&nbsp; <SPAN style="color: #0c969b;">Get-AdvancedSetting</SPAN> <SPAN style="color: #994cc3;">-</SPAN>Entity <SPAN style="color: #4876d6;">$esx</SPAN> <SPAN style="color: #994cc3;">-</SPAN>Name UserVars.DcuiTimeOut <SPAN style="color: #0c969b;">|</SPAN></P><P>&nbsp;&nbsp;&nbsp; <SPAN style="color: #994cc3; font-style: italic;">where</SPAN>{$_<SPAN style="color: #4876d6;">.Value</SPAN> <SPAN style="color: #994cc3;">-ne</SPAN> <SPAN style="color: #aa0982;">600</SPAN>} <SPAN style="color: #0c969b;">|</SPAN> <SPAN style="color: #0c969b;">ForEach-Object</SPAN> <SPAN style="color: #994cc3;">-</SPAN>Process {</P><P>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <SPAN style="color: #0c969b;">Set-AdvancedSetting</SPAN> <SPAN style="color: #994cc3;">-</SPAN>AdvancedSetting $_ <SPAN style="color: #994cc3;">-</SPAN>Value <SPAN style="color: #aa0982;">600</SPAN> <SPAN style="color: #994cc3;">-</SPAN>Confirm:<SPAN style="color: #4876d6;">$False</SPAN> <SPAN style="color: #0c969b;">|</SPAN> <SPAN style="color: #0c969b;">Out-Null</SPAN></P><P>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <SPAN style="color: #4876d6;">$changed</SPAN><SPAN style="color: #994cc3;">++</SPAN></P><P>&nbsp;&nbsp;&nbsp; }</P><BR /><P>&nbsp;&nbsp;&nbsp; <SPAN style="color: #989fb1;">#</SPAN><SPAN style="color: #989fb1; font-style: italic;"> Other settings with similar structure</SPAN></P><BR /><P>&nbsp;&nbsp;&nbsp; <SPAN style="color: #0c969b;">Write-Host</SPAN> <SPAN style="color: #111111;">"</SPAN><SPAN style="color: #c96765;">On $(</SPAN><SPAN style="color: #4876d6;">$esx.Name</SPAN><SPAN style="color: #c96765;">) there were </SPAN><SPAN style="color: #4876d6;">$changed</SPAN><SPAN style="color: #c96765;"> changes.</SPAN><SPAN style="color: #111111;">"</SPAN></P><BR /><P>&nbsp;&nbsp;&nbsp; <SPAN style="color: #4876d6;">$report</SPAN> <SPAN style="color: #994cc3;">+=</SPAN> <SPAN style="color: #0c969b;">Get-AdvancedSetting</SPAN> <SPAN style="color: #994cc3;">-</SPAN>Entity <SPAN style="color: #4876d6;">$esx</SPAN> <SPAN style="color: #0c969b;">|</SPAN></P><P>&nbsp;&nbsp;&nbsp; Select <SPAN style="color: #994cc3;">@</SPAN>{<SPAN style="color: #4876d6;">N</SPAN><SPAN style="color: #994cc3;">=</SPAN><SPAN style="color: #111111;">'</SPAN><SPAN style="color: #c96765;">VMHost</SPAN><SPAN style="color: #111111;">'</SPAN>;<SPAN style="color: #4876d6;">E</SPAN><SPAN style="color: #994cc3;">=</SPAN>{<SPAN style="color: #4876d6;">$esx.Name</SPAN>}}<SPAN style="color: #0c969b;">,</SPAN>Name<SPAN style="color: #0c969b;">,</SPAN><SPAN style="color: #994cc3;">@</SPAN>{<SPAN style="color: #4876d6;">N</SPAN><SPAN style="color: #994cc3;">=</SPAN><SPAN style="color: #111111;">'</SPAN><SPAN style="color: #c96765;">OldValue</SPAN><SPAN style="color: #111111;">'</SPAN>;<SPAN style="color: #4876d6;">E</SPAN><SPAN style="color: #994cc3;">=</SPAN>{<SPAN style="color: #4876d6;">$tab</SPAN>[$_<SPAN style="color: #4876d6;">.Name</SPAN>]}}<SPAN style="color: #0c969b;">,</SPAN><SPAN style="color: #994cc3;">@</SPAN>{<SPAN style="color: #4876d6;">N</SPAN><SPAN style="color: #994cc3;">=</SPAN><SPAN style="color: #111111;">'</SPAN><SPAN style="color: #c96765;">NewValue</SPAN><SPAN style="color: #111111;">'</SPAN>;<SPAN style="color: #4876d6;">E</SPAN><SPAN style="color: #994cc3;">=</SPAN>{$_<SPAN style="color: #4876d6;">.Value</SPAN>}}</P><BR /><P>}</P><BR /><P><SPAN style="color: #4876d6;">$report</SPAN> <SPAN style="color: #0c969b;">|</SPAN> <SPAN style="color: #0c969b;">Export-Csv</SPAN> <SPAN style="color: #994cc3;">-</SPAN>Path <SPAN style="color: #111111;">"</SPAN><SPAN style="color: #c96765;">Settings_$(</SPAN><SPAN style="color: #4876d6;">$date</SPAN><SPAN style="color: #c96765;">).csv</SPAN><SPAN style="color: #111111;">"</SPAN> <SPAN style="color: #994cc3;">-</SPAN>NoTypeInformation <SPAN style="color: #994cc3;">-</SPAN>UseCulture</P></DIV></BODY></HTML> Thu, 17 Sep 2020 08:51:07 GMT https://communities.vmware.com/t5/VMware-PowerCLI-Discussions/Hardening-ESXi-Script/m-p/2305642#M82340 LucD 2020-09-17T08:51:07Z