vSphere includes an Exception User list. Exception users do not lose their privileges when the host enters lockdown mode. Use the Exception User list to add the account of a third-party management solution that needs to access the host directly when the host is in lockdown mode. For more information, see Lockdown Mode.

You can specify service accounts that can access the ESXi host directly by adding them to the Exception Users list. A single user can be specified to access the ESXi host in a catastrophic vCenter Server failure. For more information, see Specifying Accounts with Access Privileges in Lockdown Mode.

vSphere 6.0 and later supports the Exception User list for service accounts that must log in to the host directly. Accounts with administrator privileges can log in to the ESXi Shell. In addition, those users can log in to a host’s Direct Console User Interface (DCUI) in normal lockdown mode and exit lockdown mode. Exception users are host local users or Active Directory users with privileges defined locally for the ESXi host. Users that are members of an Active Directory group lose their permissions when the host is in lockdown mode.