In this post I talked about automated deployment that launches the remote console for me. Since I had 24 hosts that need the user & role, I created a script that does it for me. Nothing special, just something quick that works…

You’ll need to change the password on line 11 of the script (the New-VMHostAccount line), as ‘changeme’ does not meet default complexity requirements.

param([string[]]$vmhosts = $null)
# Prompt once for credentials that are valid on every host
$esx_host_creds = $host.ui.PromptForCredential("ESX/ESXi Credentials Required", "Please enter credentials to log into the ESX/ESXi host.", "", "")
 
foreach ($vmhost in $vmhosts){
    # Connect directly to the host, discarding the connection output
    Connect-VIServer $vmhost -Credential $esx_host_creds > $NULL 2>&1
    # Role with the "Console interaction" privilege
    New-VIRole -Name "Console-Only" -Privilege "Console interaction"
    # Local user account for console access; replace 'changeme' before running
    New-VMHostAccount -UserAccount -Id console -Password changeme -Description "user acct for console only access"
    # Grant the role to the account on the host's root folder, propagating to child objects
    $AuthMgr = Get-View (Get-View ServiceInstance).Content.AuthorizationManager
    $Entity = Get-Folder ha-folder-root | Get-View
    $Perm = New-Object VMware.Vim.Permission
    $Perm.entity = $Entity.MoRef
    $Perm.group = $false
    $Perm.principal = "console"
    $Perm.propagate = $true
    $Perm.roleId = ($AuthMgr.RoleList | where {$_.Name -eq "Console-Only"}).RoleId
    $AuthMgr.SetEntityPermissions($Entity.MoRef,$Perm)
 
    Disconnect-VIServer -Server $vmhost -Confirm:$false
}

Usage is like this:

.\add-user.ps1 -vmhosts ("server1","server2","server3","server4","server5")

It prompts you for a username and password to connect to each ESXi host, so make sure you either have a working login with admin privileges, or lockdown mode is NOT enabled and you have the root password.
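
A read-only check of the result, as an added example that is not part of the original post: for each host it reports whether the console account exists, whether the Console-Only role holds anything beyond the console privilege, and where the account has been granted a role. The account and role names come from the script above; the privilege IDs, the report columns and the use of Get-Credential are choices made for this example.

```powershell
# Added example (not from the original post): audit what add-user.ps1 created.
param([string[]]$vmhosts = $null)

# Privilege IDs a console-only role should hold: the console privilege plus
# the three System.* privileges vSphere includes in every role.
$allowed = "VirtualMachine.Interact.ConsoleInteract",
           "System.Anonymous", "System.Read", "System.View"

$cred = Get-Credential -Message "Credentials for the ESX/ESXi hosts"

$report = foreach ($vmhost in $vmhosts) {
    $row = [pscustomobject]@{ Host = $vmhost; Account = $false; RoleOK = $false
                              ExtraPrivileges = ""; Permission = "missing" }
    try {
        $srv = Connect-VIServer -Server $vmhost -Credential $cred -ErrorAction Stop
    } catch {
        # Record the failure and move on so one bad host does not stop the audit
        $row.Permission = "connect failed: $($_.Exception.Message)"
        $row; continue
    }
    try {
        # Does the local account exist on this host?
        $row.Account = [bool](Get-VMHostAccount -Server $srv -Id "console" -ErrorAction SilentlyContinue)

        # Does the role contain the console privilege and nothing unexpected?
        $role = Get-VIRole -Server $srv -Name "Console-Only" -ErrorAction SilentlyContinue
        if ($role) {
            $extra = @($role.PrivilegeList | Where-Object { $allowed -notcontains $_ })
            $row.ExtraPrivileges = $extra -join ","
            $row.RoleOK = ($extra.Count -eq 0) -and
                          ($role.PrivilegeList -contains "VirtualMachine.Interact.ConsoleInteract")
        }

        # Which roles does the account hold, and on which objects?
        $perms = @(Get-VIPermission -Server $srv -Principal "console" -ErrorAction SilentlyContinue)
        if ($perms.Count -gt 0) {
            $row.Permission = ($perms | ForEach-Object { "$($_.Role) on $($_.Entity.Name)" }) -join "; "
        }
    } finally {
        Disconnect-VIServer -Server $srv -Confirm:$false
    }
    $row
}
$report | Format-Table -AutoSize
```

A host is in the expected state when Account and RoleOK are both True and Permission reads "Console-Only on ha-folder-root"; any other role listed for the account is worth reviewing.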