Configure the Local Account Lockout Policy for ESXi

Set the maximum number of failed login attempts and the time that must pass before a local account on an ESXi host in VMware Cloud Foundation is automatically unlocked.

Setting                         Default Value
Security.AccountLockFailures    5
Security.AccountUnlockTime      900

UI Procedure

  1. Log in to the management domain vCenter Server at https://<management_vcenter_server_fqdn>/ui by using an account with Administrator privileges.
  2. In the Hosts and clusters inventory, expand the management domain vCenter Server tree and expand the management domain data center.
  3. Expand the default management vSphere cluster.
  4. Select the first ESXi host and click the Configure tab.
  5. In the System section, click Advanced system settings.
  6. On the Advanced system settings page, click Edit.
  7. In the key filter text box, enter Security.AccountLockFailures and enter a value according to the requirements of your organization.
  8. In the key filter text box, enter Security.AccountUnlockTime, enter a value according to the requirements of your organization, and click OK.
  9. Repeat this procedure on the remaining hosts in the cluster.
  10. Repeat this procedure on the remaining clusters in the management domain.
  11. Repeat this procedure on all clusters in the VI workload domains.

PowerShell Procedure

  1. Start Windows PowerShell.
  2. Replace the values in the sample code and run the commands in the PowerShell console.
    $sddcManagerFqdn = "sfo-vcf01.sfo.rainpole.io"
    $sddcManagerUser = "administrator@vsphere.local"
    $sddcManagerPass = "VMw@re1!"
    $sddcDomainName = "sfo-m01"
    $cluster = "sfo-m01-cl01"
    $maxFailures = "5"
    $unlockInterval = "900"
  3. Perform the configuration by running the command in the PowerShell console.
    Update-EsxiAccountLockout -server $sddcManagerFqdn -user $sddcManagerUser -pass $sddcManagerPass -domain $sddcDomainName -cluster $cluster -failures $maxFailures -unlockInterval $unlockInterval
  4. Repeat this procedure on all remaining clusters in the management domain.
  5. Repeat this procedure on all VI workload domains and their clusters.
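
One way to confirm the result on every host after either procedure, shown as an added example that is not part of the original documentation or of the module that provides Update-EsxiAccountLockout. The function name Test-EsxiLockoutSetting, the host names in the sample data, and the pass/fail rule (a failure count of 0 disables locking, the unlock time is in seconds, and the thresholds default to the values in the table above) are assumptions made for this example.

```powershell
# Added example: audit the two lockout settings and report hosts that drifted.
function Test-EsxiLockoutSetting {
    [CmdletBinding()]
    param(
        # Objects with Entity, Name and Value properties
        # (the shape that PowerCLI's Get-AdvancedSetting returns).
        [Parameter(Mandatory, ValueFromPipeline)] $Setting,
        [int] $MaxFailures = 5,         # highest acceptable Security.AccountLockFailures
        [int] $MinUnlockSeconds = 900   # lowest acceptable Security.AccountUnlockTime
    )
    process {
        $value = [int]$Setting.Value
        switch ($Setting.Name) {
            'Security.AccountLockFailures' {
                # 0 turns account locking off, so it fails whatever the threshold is.
                $ok = ($value -ge 1) -and ($value -le $MaxFailures)
                $expected = "1..$MaxFailures"
            }
            'Security.AccountUnlockTime' {
                $ok = $value -ge $MinUnlockSeconds
                $expected = ">= $MinUnlockSeconds"
            }
            default { return }          # ignore unrelated advanced settings
        }
        [pscustomobject]@{
            Host = [string]$Setting.Entity; Setting = $Setting.Name
            Value = $value; Expected = $expected; Compliant = $ok
        }
    }
}

# Constructed sample input (hypothetical hosts) so the check can be tried offline.
$sample = @(
    [pscustomobject]@{ Entity = 'esxi-01.example.test'; Name = 'Security.AccountLockFailures'; Value = 5 }
    [pscustomobject]@{ Entity = 'esxi-01.example.test'; Name = 'Security.AccountUnlockTime'; Value = 900 }
    [pscustomobject]@{ Entity = 'esxi-02.example.test'; Name = 'Security.AccountLockFailures'; Value = 0 }
    [pscustomobject]@{ Entity = 'esxi-02.example.test'; Name = 'Security.AccountUnlockTime'; Value = 120 }
)
$sample | Test-EsxiLockoutSetting | Where-Object { -not $_.Compliant } | Format-Table -AutoSize

# Against a live environment (requires VMware PowerCLI and an existing Connect-VIServer session):
# Get-Cluster -Name 'sfo-m01-cl01' | Get-VMHost |
#     Get-AdvancedSetting -Name 'Security.Account*' | Test-EsxiLockoutSetting
```

Pass -MaxFailures and -MinUnlockSeconds to match the values your organization chose in the procedures above.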