How to replace root user with different user name with same privileges
Credentials always have two important parts: the user name and the password. In the ESX world, root is the default user name, so everyone already knows at least one part of it. This is a standard security concern raised by IT Risk. Let's de-risk it.
In the Windows world it is standard practice to rename the administrator account and add another user to the Administrators group. That is exactly the method we are going to use: create a user esx-admin and assign it the same group as root.
Do not delete the root user.
Here are the steps:
- Log in to the ESXi host directly using the VI client
- Go to Users & Groups
- Create a new user. In my case I used the name esx-admin
- Fill in only the Login name and password, and leave User name and UID blank; both are optional. User name here is just a description. Do not confuse it with the Windows style of user creation
- Add the localadmin and root groups under group membership and press OK
- At this point you can access the console, i.e. the DCUI, using the esx-admin credentials, but you cannot access vCenter
- To get it working, grant esx-admin the Administrator permission at the root of the ESX host
- Last and important step: stop using the root user for any administration, and use it only for VMsupport or other emergency cases. Do not delete it
- Store the root credentials in a safe place.
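The same steps can be scripted for repeatability across hosts. The following PowerCLI script is an added example, not part of the original post; it assumes VMware PowerCLI is installed, uses a placeholder host name, and relies on an ESX(i) release that still has the local groups named above (on releases without local groups, `-AssignGroups` will fail).

```powershell
# Added example: scripted equivalent of the GUI steps above.
# Assumptions: PowerCLI installed; placeholder host name; host still has local groups.
$esxHost   = 'esx01.example.local'   # placeholder, replace with your host
$adminName = 'esx-admin'             # login name used in the post

# Connect directly to the host (not through vCenter) with the current root credentials.
$rootCred = Get-Credential -UserName 'root' -Message 'Current root credentials'
$server   = Connect-VIServer -Server $esxHost -Credential $rootCred

# Prompt for the new password so it never lands in the script or shell history.
$newCred = Get-Credential -UserName $adminName -Message 'Password for the new admin account'

# Create the account only if it is missing; put it in the same groups the post uses.
if (-not (Get-VMHostAccount -Server $server -User -Id $adminName -ErrorAction SilentlyContinue)) {
    New-VMHostAccount -Server $server -UserAccount -Id $adminName `
        -Password $newCred.GetNetworkCredential().Password `
        -AssignGroups 'localadmin', 'root' | Out-Null
}

# Grant the Administrator role (system name 'Admin') on the host object, propagated to children.
$account = Get-VMHostAccount -Server $server -User -Id $adminName
$role    = Get-VIRole -Server $server -Name 'Admin'
$vmHost  = Get-VMHost -Server $server
New-VIPermission -Server $server -Entity $vmHost -Principal $account -Role $role -Propagate $true | Out-Null

# Verify: the permission is in place and root still exists (the post says not to delete it).
Get-VIPermission -Server $server -Principal $adminName |
    Format-Table Entity, Principal, Role, Propagate
if (-not (Get-VMHostAccount -Server $server -User -Id 'root' -ErrorAction SilentlyContinue)) {
    Write-Warning "root account not found on $esxHost"
}

Disconnect-VIServer -Server $server -Confirm:$false
```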