If your vSphere environment is anything like the ones I manage, over time you can end up with various ESXi hosts that have services left Running when they should be Stopped. It's so common to turn on SSH or the ESXi Shell to troubleshoot an issue and then forget to stop the service when you're done.
If you're managing tens, if not hundreds, of ESXi hosts, you don't want to be clicking on each host and checking its Security Profile setting.
This can be checked and modified really easily via PowerCLI. Below I build up, step by step, a basic script that checks and modifies a service on all hosts connected to a vCenter.
Open PowerCLI and make a connection to vCenter.
Connect-VIServer myvcenter.domain.local
Once connected we can run the following cmdlet to list all hosts in vCenter.
Get-VMHost
Next we can narrow it down by selecting an individual host and displaying all services on that host, to help identify the service we want to modify.
Get-VMHost -Name esxi01.domain.local | Get-VMHostService
This will display all services on the host, their policy state, and whether they are running.
Now we can take it one step further and enumerate all hosts looking for a specific service, using its service name from the Key column above. In this case I want to list the settings for the ESXi Shell, which is defined by the Key value "TSM".
Get-VMHost | Get-VMHostService | Where {$_.Key -eq "TSM"}
Next I want to change the policy from On to Off for all hosts, which we do as follows. (Use the Key value "TSM-SSH" instead to do the same for SSH.)
Get-VMHost | Get-VMHostService | Where {$_.Key -eq "TSM"} | Set-VMHostService -Policy "Off"
Finally, I also want to change the ESXi Shell on all hosts from Running to Stopped.
Get-VMHost | Get-VMHostService | Where {$_.Key -eq "TSM"} | Stop-VMHostService
This will display a prompt asking you to acknowledge the operation on each or all hosts.
The scripts above are very crude but get the job done very quickly. They can obviously be narrowed down and enumerated much better. For example, Get-Cluster can be used in front of Get-VMHost to target a specific cluster. The host's name can also be included in the output to better see which hosts you're modifying on an individual basis. Call that your study lesson 😉
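One way to combine the refinements suggested above (cluster scoping with Get-Cluster and a host name on every row) is shown here as an added example, not the author's script. It assumes an existing Connect-VIServer session; the function name Repair-EsxiShellService and the cluster name "Prod-Cluster" are hypothetical.

```powershell
# Added example, not from the original post. Assumes you are already connected
# with Connect-VIServer. Function and cluster names are hypothetical.
function Repair-EsxiShellService {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [string]$Cluster,                       # optional: limit to one cluster
        [string[]]$Key = @('TSM', 'TSM-SSH')    # ESXi Shell and SSH service keys
    )

    # Scope to one cluster when asked, otherwise every host in vCenter.
    $vmHosts = if ($Cluster) { Get-Cluster -Name $Cluster | Get-VMHost } else { Get-VMHost }

    foreach ($vmHost in $vmHosts) {
        # Skip hosts vCenter cannot reach; service calls against them fail.
        if ($vmHost.ConnectionState -notin 'Connected', 'Maintenance') {
            Write-Warning "Skipping $($vmHost.Name): state is $($vmHost.ConnectionState)"
            continue
        }

        $services = Get-VMHostService -VMHost $vmHost | Where-Object { $_.Key -in $Key }
        foreach ($svc in $services) {
            # Capture the state before changing anything so the report shows it.
            $wasRunning = $svc.Running
            $oldPolicy  = $svc.Policy

            if ($oldPolicy -eq 'on' -and
                $PSCmdlet.ShouldProcess($vmHost.Name, "Set $($svc.Key) policy to Off")) {
                Set-VMHostService -HostService $svc -Policy Off -Confirm:$false | Out-Null
            }
            if ($wasRunning -and
                $PSCmdlet.ShouldProcess($vmHost.Name, "Stop $($svc.Key)")) {
                Stop-VMHostService -HostService $svc -Confirm:$false | Out-Null
            }

            # One row per host and service, so the host name is always visible.
            [pscustomobject]@{
                VMHost     = $vmHost.Name
                Service    = $svc.Key
                WasRunning = $wasRunning
                OldPolicy  = $oldPolicy
            }
        }
    }
}

# Report only: -WhatIf lists what would change without touching any host.
Repair-EsxiShellService -Cluster 'Prod-Cluster' -WhatIf | Format-Table -AutoSize
```

Drop -WhatIf to apply the changes; the returned rows then serve as a record of which hosts had the service running or enabled beforehand.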