VMware Cloud Foundation 4.5

5.2 5.1 5.0 4.5
Deutsch Français Italiano 日本語 English

Configure the Local User Password Expiration Policy for ESXi

Define the interval of time before the password of a local user on an ESXi host in
VMware Cloud Foundation
 expires and a change is enforced.
Setting
Default Value
Security.PasswordMaxDays
99999

Prerequisites

If you plan to reduce the expiration period of a local account's password, rotate the password of the account by using SDDC Manager. See Rotate Passwords.
The password expiration date is determined by adding the password expiration period to the date of the last password change. If the time since the last password change is greater than the new expiration period, the password expires immediately.

UI Procedure

  1. Log in to the management domain vCenter Server at
    https://<management_vcenter_server_fqdn>/ui
     by using an account with
    Administrator
     privileges.
  2. In the
    Hosts and clusters
     inventory, expand the management domain vCenter Server tree and expand the management domain data center.
  3. Expand the default management vSphere cluster.
  4. Select the first ESXi host and click the
    Configure
     tab.
  5. In the
    System
     section, click
    Advanced system settings
    .
  6. On the
    Advanced system settings
     page, click
    Edit
    .
  7. In the key filter text box, enter
    Security.PasswordMaxDays
    , enter a value for the setting according to the requirements of your organization, and click
    OK
    .
  8. Repeat this procedure on the remaining hosts in the cluster.
  9. Repeat this procedure on the remaining clusters in the management domain.
  10. Repeat this procedure on all clusters in the VI workload domains.

PowerShell Procedure

  1. Start the Windows PowerShell console.
  2. Replace the values in the sample code and run the commands in the PowerShell console.
    $sddcManagerFqdn = "sfo-vcf01.sfo.rainpole.io"
$sddcManagerUser = "administrator@vsphere.local"
$sddcManagerPass = "VMw@re1!"

$sddcDomainName = "sfo-m01"
$cluster = "sfo-m01-cl01"

$maxDays = "99999"
  3. Perform the configuration by running the command in the PowerShell console.
    Update-EsxiPasswordExpiration -server $sddcManagerFqdn -user $sddcManagerUser -pass $sddcManagerPass -domain $sddcDomainName -cluster $cluster -maxDays $maxDays
  4. Repeat this procedure for all remaining clusters in the management domain.
  5. Repeat this procedure for all VI workload domains and their clusters.

Content feedback and comments