In this post I talked about automated deployment that launches the remote console for me. Since I had 24 hosts that need the user & role, I created a script that does it for me. Nothing special, just something quick that works…
You’ll need to change the password on line 11, as ‘changeme’ does not meet default complexity requirements.
```powershell
param([string[]]$vmhosts = $null)
# Prompt once for credentials that are valid on every host
$esx_host_creds = $host.ui.PromptForCredential("ESX/ESXi Credentials Required", "Please enter credentials to log into the ESX/ESXi host.", "", "")
# Repeat the setup on each host passed in -vmhosts
foreach ($vmhost in $vmhosts){
    # Connect directly to the host, discarding the connection output
    connect-viserver $vmhost -credential $esx_host_creds > $NULL 2>&1
    # Role that carries only the console privilege
    New-VIRole -name "Console-Only" -Privilege "Console interaction"
    # Local user account; change the password before running
    New-VMHostAccount -UserAccount -id console -password changeme -description "user acct for console only access"
    # Grant the role to the account at the host's root folder, propagating to child objects
    $AuthMgr = Get-View (Get-View ServiceInstance).Content.AuthorizationManager
    $Entity = Get-Folder ha-folder-root | Get-View
    $Perm = New-Object VMware.Vim.Permission
    $Perm.entity = $Entity.MoRef
    $Perm.group = $false
    $Perm.principal = "console"
    $Perm.propagate = $true
    $Perm.roleId = ($AuthMgr.RoleList | where {$_.Name -eq "Console-Only"}).RoleId
    $AuthMgr.SetEntityPermissions($Entity.MoRef,$Perm)
    # -Confirm is a switch, so it needs the colon form to be turned off
    disconnect-viserver -confirm:$false
}
```
Usage is like this:
```powershell
add-user.ps1 -vmhosts ("server1","server2","server3","server4","server5")
```
It prompts you for a user/pass to connect to each ESXi host, so make sure you either have a working login with admin privs, or lockdown mode is NOT enabled and you have root pw.
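The script keeps going when a step fails on one host, so a read-only check afterwards is useful. The following is an added example, not part of the original post: it reports for each host whether the account, the role and the root-folder permission are in place. Its parameter names and output column names are assumptions made for this example.

```powershell
# Added example (not the post's script): read-only check of what add-user.ps1 set up.
# Assumes PowerCLI is loaded; parameter and column names are made up for this example.
param([string[]]$vmhosts = @(), [string]$user = "console", [string]$roleName = "Console-Only")

$creds = Get-Credential -Message "Credentials for the ESX/ESXi hosts"
# Privileges present in every role by default; anything else is what the role really grants
$systemPrivs = "System.Anonymous", "System.Read", "System.View"

foreach ($vmhost in $vmhosts) {
    $row = [ordered]@{ Host = $vmhost; Connected = $false; AccountExists = $false
                       RolePrivileges = ""; PermissionOk = $false }
    $server = $null
    try {
        $server = Connect-VIServer -Server $vmhost -Credential $creds -ErrorAction Stop
        $row.Connected = $true

        # Local account created by New-VMHostAccount
        $acct = Get-VMHostAccount -Server $server -Id $user -ErrorAction SilentlyContinue
        $row.AccountExists = [bool]$acct

        # Privilege ids in the role, minus the system defaults
        $role = Get-VIRole -Server $server -Name $roleName -ErrorAction SilentlyContinue
        if ($role) {
            $row.RolePrivileges = ($role.PrivilegeList |
                Where-Object { $systemPrivs -notcontains $_ }) -join ","
        }

        # Permission on the host's root folder: right principal, right role, propagating
        $root = Get-Folder -Server $server -Name ha-folder-root
        $perm = Get-VIPermission -Server $server -Entity $root -Principal $user -ErrorAction SilentlyContinue
        $row.PermissionOk = [bool]($perm | Where-Object { $_.Role -eq $roleName -and $_.Propagate })
    }
    catch { Write-Warning "${vmhost}: $($_.Exception.Message)" }
    finally { if ($server) { Disconnect-VIServer -Server $server -Confirm:$false } }
    # One object per host, so the result can be piped to Format-Table or Export-Csv
    [pscustomobject]$row
}
```

A host where `RolePrivileges` lists more than the console privilege, or where `PermissionOk` is false, needs a closer look before the account is handed out.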
Great script, I have used it in the past for 4.0 to create a role on many servers. This does not work against 4.1 U2. Can you update it?
I thought I’d tested this against 4.1. I’ll test it when I get a chance and update where needed.
I just tested this against 4.1 build 260247, 4.1 U1 build 348481, and 5.0 (Dell’s build 504890), and it worked fine. I don’t have any 4.1 U2 hosts to test against, but if it worked against 4.0, 4.1, 4.1 U1, and 5.0, there’s no reason it shouldn’t work on 4.1 U2, unless there’s a bug only on that update.
Followup for Amolak, it was a problem with the privileges. If you’re unsure what to put for -Privilege, try
Get-VIPrivilege