Users authorized to work directly on an ESX/ESXi host are added to the internal user list by default when ESX/ESXi is installed or by a system administrator after installation.

If you log in to an ESX/ESXi host as root using the vSphere Client, you can use the Users and Groups tab to perform management activities for these users. You can add users, remove users, change passwords, set group membership, and configure permissions.

You can also use Active Directory to manage users and groups for an ESX/ESXi host.

Caution

See the Authentication and User Management chapter of the ESX Configuration Guide or ESXi Configuration Guide for information about root users and your ESX/ESXi host before you make any changes to the default users. Mistakes regarding root users can have serious access consequences.

Each ESX/ESXi host has two default users:

root user

The root user has full administrative privileges. Administrators use this log in and its associated password to log in to a host through the vSphere Client. Root users have a complete range of control activities on the specific host that they are logged on to, including manipulating permissions, creating groups and users (on ESX/ESXi hosts only), working with events, and so on.

vpxuser

The vpxuser user is a vCenter Server entity with root rights on the ESX/ESXi host, allowing it to manage activities for that host. The vpxuser is created at the time that an ESX/ESXi host is attached to vCenter Server. It is not present on the ESX host unless the host is being managed through vCenter Server.

Note

You cannot manage vpxuser with Active Directory.