Automation

 View Only
  • 1.  Setting host permissions on domain joined hosts

    Posted 29 days ago

    Hello All,

    For hosts I need to configure an AD group as an Admin on my hosts, configure another group as ReadOnly and remove Domain\ESX Admins.

    Googling has failed to come up with anything useful.  Setting Config.HostAgent.plugins.hostsvc.esxAdminsGroup does not add my new domain group and even if it did it doesn't deal with other two asks.

    Someone has to have come up with a script for this since that VUL dropped about esxAdminsGroup.  

    Michael



  • 2.  RE: Setting host permissions on domain joined hosts

    Posted 29 days ago

    Isn't step 14 in Configure Multiple Security Settings on the ESXi Hosts by Using PowerCLI doing most of that?



    ------------------------------


    Blog: lucd.info  Twitter: @LucD22  Co-author PowerCLI Reference


    ------------------------------



  • 3.  RE: Setting host permissions on domain joined hosts

    Posted 29 days ago
    Edited by mtrohde 29 days ago

    NOPE.






  • 4.  RE: Setting host permissions on domain joined hosts

    Posted 29 days ago

    Not sure what you did, but did you do the Set-AdvancedSetting at the end?



    ------------------------------


    Blog: lucd.info  Twitter: @LucD22  Co-author PowerCLI Reference


    ------------------------------



  • 5.  RE: Setting host permissions on domain joined hosts

    Posted 29 days ago
    Edited by mtrohde 29 days ago

    YES.

    The command I used without the Set-AdvancedSetting 

    Get-VMHost <hostname>  | Get-AdvancedSetting -Name Config.HostAgent.plugins.hostsvc.esxAdminsGroup

    Is returning the value that is configured.  I can also confirm this AD group is configured by looking at advanced system settings in my vCenter.  Again I am cutting off part of the name of the AD group for security reasons.



    Its just not getting pushed to the host permission for whatever reason.  Hence my confusion.