Information Technology Reference
In-Depth Information
Managing Users and Groups Locally
In most cases, the number and frequency of local user accounts on an ESXi host have both
diminished considerably. Usually, you need only two or three accounts for access to an ESXi
host. Why two or three and not just one? You need at least two accounts in case one account is
unavailable during situations such as when a user is on vacation or is sick or an accident occurs.
As you already know, users and groups on ESXi hosts are, by default, managed independently
per ESXi host. Because you need fewer local accounts, many organizations i nd that the admin-
istrative overhead of managing only a few accounts across multiple ESXi hosts is an acceptable
burden.
If this is the case in your environment, you have two ways of managing users and groups
locally. You can use command-line tools, or you can use the vSphere Client. The method that is
right for you will largely depend on your experience and preferences. For example, we feel very
comfortable using the command line, so using the command-line interface (CLI) would be our
i rst choice. However, if you are more comfortable with a Windows-based application, then the
vSphere Client is the best option for you. We'll describe both methods so you can choose the
method that works best for you.
Perform the following steps to view local users and groups with the vSphere Client:
1. Launch the traditional vSphere Client if it is not already running, and connect to an
ESXi host.
Remember, the vSphere Web Client cannot directly manage ESXi hosts and you cannot
manage ESXi local users and groups in either client while connected to a vCenter Server
instance.
2. Select the ESXi host from the inventory list on the left.
3. Click the Local Users & Groups tab in the content pane on the right.
On the Local Users & Groups tab, you can create new users or groups, edit existing users or
groups (including changing the password), and delete users and groups. We'll walk through
each of these tasks shortly.
You can also use the CLI to manage local users and groups. Although ESXi offers a local shell
(covered in a bit more detail in the section “Controlling Local CLI Access”), the preferred way
of using the CLI to work with ESXi is via the vSphere CLI (also referred to as the vCLI). We i nd
using the vSphere Management Assistant (vMA) is the best way of working with the vSphere
CLI. As we show you the process for creating, editing, and deleting local users or groups in the
next few sections, the CLI environment we'll use and describe is the vMA.
Let's take a look at creating a user or group, editing a user or group, and deleting a user or
group.
Creating a Local User or Group
Perform the following steps (these steps assume you're already viewing the Local Users &
Groups tab in the vSphere Client) to create a local user or group using the vSphere Client:
1. Right-click a blank area of the Local Users & Groups tab and select Add.
This opens the Add New User dialog box.
Search WWH ::




Custom Search