Change the default ESX Admins group to achieve greater levels of security by removing a known administrative access point.

1

Log in to the Compute vCenter Server by using the vSphere Web Client.

a

Open a Web browser and go to https://comp01vc01.sfo01.rainpole.local/vsphere-client.

b

Log in using the following credentials.

Setting

Value

User name

administrator@vsphere.local

Password

vsphere_admin_password

2

Change the default ESX Admins group.

a

In the Navigator, click Hosts and Clusters

b

Expand the vCenter Server inventory tree, and select the comp01.esx01.sfo01.rainpole.local host.

c

Click the Configure tab and under System, click Advanced System Settings.

d

Click the Edit button.

e

In the filter box, enter esxAdmins and wait for the search results.

f

Change the value of Config.HostAgent.plugins.hostsvc.esxAdminsGroup to SDDC-Admins and click OK.

3

Disable the SSH warning banner.

a

In the Navigator, click Hosts and Clusters

b

Expand the vCenter Server inventory tree, and select the comp01.esx01.sfo01.rainpole.local host.

c

Click the Configure tab and under System, click Advanced System Settings.

d

Click the Edit button.

e

In the filter box, enter ssh and wait for the search results.

f

Change the value of UserVars.SuppressShellWarning to 1 and click OK.