Check Lockdown Mode PowerShell Script

For security reasons, one of my customers has Lockdown mode activated on all their ESXi servers. Unfortunately, with vSphere 5.5 at least, there is no way to configure Lockdown mode in the host profile. So you have to do it manually on each ESXi server that you add to the vCenter.

Then, when an administrator wants to manage something with SSH or the vSphere Client directly on the ESXi host, they first have to disable Lockdown mode. Often they forget to enable Lockdown mode again.

For this reason I created this script, which is scheduled on the vCenter Server with the Windows Task Scheduler. It checks whether every ESXi host has Lockdown Mode enabled and, when not, enables it.

As a “nice to have”, after every scheduled run it sends an email with the hosts that were configured. If no ESXi server was configured, it sends an email saying everything is ok.

You just have to edit the first 6 variables with your system information and it works.

Please be aware that I haven’t implemented any error handling in the script. It’s just a quick and dirty script for my own use.

Feel free to use it and share it
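
The check described above, as an added PowerCLI example (not the author's script): it re-enables Lockdown mode on every reachable host, records hosts it could not fix, and mails the result. The server names and addresses are placeholders, and it assumes the scheduled task's Windows account has rights in vCenter and that the hosts expose the vSphere 5.x lockdown API.

```powershell
# Added example. All values in this block are placeholders to replace.
$vCenter  = 'vcenter.example.local'
$smtp     = 'smtp.example.local'
$mailFrom = 'lockdown-check@example.local'
$mailTo   = 'vmware-admins@example.local'

# Older PowerCLI releases load as a snap-in instead:
#   Add-PSSnapin VMware.VimAutomation.Core
Import-Module VMware.VimAutomation.Core -ErrorAction Stop

# No -Credential: the session of the scheduled task's account is used.
Connect-VIServer -Server $vCenter -ErrorAction Stop | Out-Null
try {
    $fixed  = @()   # hosts where Lockdown mode had to be re-enabled
    $failed = @()   # hosts that could not be checked or changed

    foreach ($h in Get-VMHost) {
        $state = "$($h.ConnectionState)"
        if ('Connected', 'Maintenance' -notcontains $state) {
            # Disconnected / NotResponding hosts cannot be changed; report them.
            $failed += "$($h.Name): state is $state"
            continue
        }
        # Config.AdminDisabled is $true while Lockdown mode is enabled.
        if (-not $h.ExtensionData.Config.AdminDisabled) {
            try {
                $h.ExtensionData.EnterLockdownMode()
                $fixed += $h.Name
            } catch {
                $failed += "$($h.Name): $($_.Exception.Message)"
            }
        }
    }

    if ($failed.Count -gt 0)    { $subject = 'Lockdown check: ATTENTION, some hosts not verified' }
    elseif ($fixed.Count -gt 0) { $subject = 'Lockdown check: Lockdown mode re-enabled on hosts' }
    else                        { $subject = 'Lockdown check: everything is ok' }

    $body  = "Re-enabled on:`r`n"       + (($fixed  | Sort-Object) -join "`r`n")
    $body += "`r`n`r`nNot verified:`r`n" + (($failed | Sort-Object) -join "`r`n")

    Send-MailMessage -SmtpServer $smtp -From $mailFrom -To $mailTo `
        -Subject $subject -Body $body
}
finally {
    Disconnect-VIServer -Server $vCenter -Confirm:$false
}
```

A host that shows up repeatedly in the "re-enabled" list is worth following up, since it means someone keeps turning Lockdown mode off and leaving it that way.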
